This was laid bare in the newly released 2025 Africa Cyberthreat Assessment Report by INTERPOL, which reveals a troubling picture of a continent under siege from complex and well-organised cybercriminals.

The report draws on data submitted by African governments and private sector firms working with INTERPOL. Two-thirds of the countries surveyed admitted that cyber-related offences now make up a medium-to-high portion of their overall crime rate. In parts of West and East Africa, cybercrime accounts for over 30% of all reported criminal incidents.

One of the most jarring findings in the report is the sheer explosion in scam attempts. Countries such as Kenya, Nigeria, and South Africa have reported up to 3,000% increases in scam-related alerts within the last year alone. 

According to Kaspersky, a key contributor to the report, this surge is largely driven by phishing—emails and messages designed to trick users into giving up personal or financial information.

But phishing is just the beginning. The report highlights an increase in ransomware attacks across digitally advanced countries. “Ransomware detections in Africa also rose in 2024, with South Africa and Egypt suffering the highest number, at 17,849 and 12,281 detections respectively, according to data from Trend Micro, followed by other highly digitized economies such as Nigeria (3,459) and Kenya (3,030).”

These attacks are disrupting individuals, businesses, and going after national institutions. Kenya’s Urban Roads Authority was one of the high-profile victims of a breach, while Nigeria’s National Bureau of Statistics suffered an attack on its databases.

Even more disturbing is the rise in Business Email Compromise (BEC) schemes, with West Africa emerging as a hotbed of syndicates such as the notorious Black Axe. These groups operate highly structured fraud networks that have siphoned millions from victims worldwide, often masquerading as legitimate organisations.

Another growing area of concern is digital sextortion. INTERPOL reported a 60% spike in such cases. Criminals often manipulate victims into sharing intimate content or use fake, AI-generated images to extort them. These attacks can be emotionally devastating and difficult to prosecute, especially in societies where victims may be reluctant to report such cases.

INTERPOL’s Cybercrime Director, Neal Jetton, stressed the gravity of the situation. “This fourth edition of the INTERPOL African Cyberthreat Assessment provides a vital snapshot of the current situation, informed by operational intelligence, extensive law enforcement engagement, and strategic private-sector collaboration. It paints a clear picture of a threat landscape in flux, with emerging dangers like AI-driven fraud that demand urgent attention. No single agency or country can face these challenges alone.”

The institutional response, however, is still inadequate. The report notes that 75% of African countries admitted their cybercrime laws and prosecutorial frameworks are outdated or insufficient. Even worse, 95% say they lack the training, tools, and resources to implement the laws that already exist.

Many countries still lack the basics: just 30% have a formal incident reporting system, 29% possess a digital evidence repository, and only 19% maintain a cyberthreat intelligence database. 

This limited capacity seriously affects cross-border investigations and slows down international cooperation. 86% of countries said collaboration with foreign agencies is hampered by red tape and logistical constraints.

Public-private partnerships are another weak link. 89% of countries surveyed said their cooperation with companies that could provide vital data or technical expertise is subpar, mostly due to poor coordination structures or outdated regulations.

With the challenges, however, there are small signs of progress. A growing number of African nations have begun aligning their cybersecurity legislation with global standards. Some have invested in specialised cybercrime units and forensic labs. 

These advances were showcased in INTERPOL-led operations such as Operation Serengeti and Operation Red Card, which led to more than 1,000 arrests and the takedown of hundreds of thousands of malicious networks.

Ambassador Jalel Chelba, acting executive director of AFRIPOL, noted that cybercrime is now a governance issue. “Cybersecurity is not merely a technical issue; it has become a fundamental pillar of stability, peace, and sustainable development in Africa. It directly concerns the digital sovereignty of states, the resilience of our institutions, citizen trust, and the proper functioning of our economies.”

To strengthen Africa’s ability to tackle this rising tide of cyber threats, INTERPOL recommends six immediate priorities: boost regional and international cooperation; run public awareness campaigns; modernise cybercrime laws; upgrade operational infrastructure; adopt advanced investigative technologies; and deepen collaboration with the private sector.

The report forms part of INTERPOL’s African Joint Operation against Cybercrime (AFJOC) programme, supported by the UK Foreign, Commonwealth & Development Office, and it benefits from contributions by global cybersecurity firms like Group-IB, Trend Micro, Bi.Zone, and Kaspersky.

Without urgent, coordinated action across governments, security agencies, and the tech sector, Africa may find itself overwhelmed by a threat that knows no borders and stops at nothing.

The advisory warns of the high probability and severe damage potential of these attacks, particularly those orchestrated by the Phobos ransomware group.

According to ngCERT, the most at-risk entities include providers of information technology and telecommunication services. These sectors are particularly vulnerable as they often manage cloud services for critical government agencies, financial institutions, telecommunications, education, healthcare services, and NGOs in Nigeria. 

“ngCERT has detected an increase in ransomware attacks by the Phobos ransomware group, specifically targeting critical cloud service providers within our national cyberspace. We are actively collaborating with vulnerable and affected organisations to swiftly resolve these incidents and prevent further escalation. 

“The most at-risk entities include providers of information technology and telecommunication services, such as managed cloud services, whose clients include critical government agencies, financial institutions, telecommunications, education, healthcare, service providers, and NGOs in Nigeria.”

The advisory emphasises the need for these organisations to proactively implement mitigation strategies to prevent the spread of malware.

Recent intelligence has revealed a surge in ransomware activities aimed at cloud service providers key to Nigeria’s cyberspace. The Phobos group has been particularly aggressive, targeting entities that include government agencies, financial institutions, healthcare services, and NGOs. 

These attackers exploit vulnerabilities in these systems to gain unauthorised access, encrypt data, and demand ransoms. 

Phobos ransomware operatives typically infiltrate networks using phishing campaigns and IP scanning tools to find susceptible Remote Desktop Protocol (RDP) ports. They exploit these vulnerabilities to execute hidden payloads and gain control over systems. 

Upon accessing an exposed RDP service, they use brute force tools to escalate privileges and deploy additional malware. Key tools in their arsenal include lsass.exe and cmd.exe for command execution and tools like Smokeloader for payload delivery.

Indicators of compromise associated with these attacks include emails from finamtox@zohomail.eu, potentially related to the Phobos ransomware group. The file format often used is filename.id[xxxxxxx-xxxx].email.xshell.

Organisations affected by Phobos ransomware may experience a range of serious consequences. These include system compromises and data breaches, ransom payments to restore access, data encryption leading to operational lockouts, financial losses, Denial of Service (DoS) attacks, and fraudulent activities using compromised systems.

ngCERT recommends several measures to combat these threats. Organisations should secure RDP ports and prioritise the remediation of known vulnerabilities. Implementing Endpoint Detection and Response (EDR) solutions to disrupt malicious activities is also important. 

Again, disabling unnecessary command-line and scripting activities can prevent unauthorised access. Segmenting networks to prevent the spread of ransomware and regularly updating and enabling real-time antivirus detection are also advised. 

Conducting audits of user accounts and administrative privileges helps maintain a secure environment. Maintaining multiple, secure backups of vital data and disabling hyperlinks in received emails to prevent phishing attacks are essential preventive measures.

Organisations are urged to adopt these mitigation strategies to protect their systems from the escalating ransomware threat. Regular updates, vigilant monitoring, and robust security protocols are essential to safeguard against these sophisticated cyber-attacks.

In an 11-page report titled ‘National Cyber Threat Forecast 2024’, CSEAN noted that the global landscape witnessed a substantial rise in cyber-attacks, with notable incidents involving ransomware, credential and information stealer malware, and website defacement.

Nigeria, like many other countries, faced its share of these challenges in 2023. The report drew insights from diverse sources, including cyber threat reports, and incident analyses, and equally collected and analysed data from various sources, including cybersecurity professionals in the country, 2022 and 2023 threat trends, to present the forecast of cyber threats for 2024.

The report was co-authored by Oluwafemi Osho, John Odumesi, Hamzat Lateef, Olajumoke Oloyede and Jonathan Ayodele, who are members of the Directorate of Research and Development at the Cyber Security Experts Association of Nigeria.

In anticipating the road ahead, the CSEAN National Cyber Threat Forecasts 2024 points to a continued surge in mis/disinformation, ransomware attacks, attacks against vulnerable government’s online assets, crypto scams, benefit and employment scams, information and credential theft, AI-enabled threats, impersonation scams, insider threats, cyber hacktivism, and web defacement.

As predicted in the CSEAN National Cyber Threat Forecasts for 2023, Nigeria experienced a deluge of fake news in the periods leading up to and during the 2023 general elections. In 2024, the persistent issue of misinformation and disinformation is expected to continue.

The ease of spreading false information through digital platforms, mainly social media, makes it a prevalent issue that extends beyond politics, impacting social stability and national security. Practical measures, including stringent fact-checking, public education campaigns, and regulatory actions, are necessary to curb the spread of false information.

These efforts require collaboration between individuals, tech companies, and governmental bodies to ensure a well-informed public and a secure digital environment in Nigeria.

In 2023, the cybersecurity sector in Nigeria experienced a dramatic rise in ransomware attacks, establishing it as the primary cyber threat of the year.

This increase was fueled by the widespread availability of ransomware-as-a-service, which allowed even those with minimal technical expertise to launch sophisticated cyberattacks.

For 2024, the forecast indicates an increase in ransomware attacks in Nigeria, impacting both public and private entities.

The accessibility of ransomware-as-a-service and the success of previous campaigns suggest a persistent and growing threat. To mitigate this, organisations are urged to update software and systems regularly, avoid unauthorised software, implement strong monitoring practices, and swiftly patch security flaws.

The vulnerability of many Nigerian government online assets to common exploits is expected to persist in 2024, continuing the trend observed in 2023.

The availability of public exploit code for these vulnerabilities makes them attractive targets for threat actors, often serving as initial entry points for malicious attacks.

Regularly patching known vulnerabilities is critical to prevent malicious actors’ exploitation. Additionally, implementing robust cybersecurity protocols, including proactive monitoring and intrusion detection systems.

With the Central Bank of Nigeria (CBN) lifting restrictions on banks facilitating cryptocurrency transactions, 2024 is poised to be a pivotal year for the crypto landscape in Nigeria.

This decision opens the door for an influx of cryptocurrency service providers, significantly increasing market accessibility.

However, this development also sets the stage for a potential rise in crypto scams. The combination of heightened market accessibility, a large, eager investor base, and the complexities in effectively regulating and monitoring crypto transactions creates an environment ripe for the proliferation of crypto scams in Nigeria.

This situation necessitates urgent and concerted efforts to implement robust educational campaigns, enhance security measures, and establish vigilant regulatory frameworks.

In 2024, Nigeria can be expected to witness a surge in employment and benefit scams, a trend that has been prevalent in 2023.

These scams often lure victims with promises of financial inducements and part-time job offers, primarily disseminated through various digital platforms.

The anticipated increase in these scams in 2024 can be attributed to Nigeria’s challenging economic situation, which may drive more individuals to seek financial opportunities online. Several measures are crucial to counter this rising threat.

These include public awareness campaigns, improved monitoring and vetting by digital platforms, law enforcement collaboration for reporting and prosecution, and promoting safe job search practices with thorough recruiter verification and caution against sharing personal details or making payments.

Nigeria’s cybersecurity arena, in 2023, experienced a dramatic increase in information and credential theft, marked by advanced malware attacks.

These attacks, characterized by high sophistication, were a significant step up from previous challenges. Managed Security Service Providers (MSSPs) and Security Operations Centers (SOCs) encountered numerous cases involving potent malware variants like RedLine, Racoon, and Lumba, adept at evading traditional cybersecurity measures.

The forecast for 2024 suggests a continuation and escalation of these threats, with sophisticated malware attacks expected to rise. A robust and comprehensive cybersecurity approach is crucial to counter this growing menace.

The forecast envisage an increase in the use of AI for malicious purposes in 2024. Attackers will leverage the capabilities of AI to enhance the efficiency and effectiveness of their cyber-criminal activities.

This will manifest in more personalized phishing attacks, personalised malware, automated large-scale attacks, and sophisticated social engineering attacks.

To mitigate AI exploitation for cybercrimes, individuals should stay informed and practice cybersecurity hygiene. Organisations must invest in AI-driven security solutions and staff training.

Governments should enforce robust cyber laws, support research in AI security, and foster public-private partnerships for sharing intelligence and best practices in cybersecurity. In 2024, Nigeria is poised to continue facing the challenge of impersonation scams.

These scams involve creating fake websites and social media profiles, using the names and images of well-known figures to deceive the public. Public awareness campaigns and educating people on recognizing and reporting such scams are crucial to combating impersonation scams.

Social media platforms and web-sites must enforce stricter verification processes for profiles claiming organisational or individual identities.

Additionally, collaboration with law enforcement will be vital in ad-dressing and legally pursuing these frauds.

The forecast predict Nigeria will face an upsurge in insider threats in 2024. Amid these economic hardships, cybercrime has become an increasingly attractive option, offering substantial illegal earnings. Businesses and organisations must adopt various measures to combat this growing threat.

These include increasing employee pay to better align with the cost of living, offering financial incentives for loyalty, conducting ethics training emphasizing cybersecurity responsibilities, monitoring employee behaviour, and implementing robust cybersecurity protocols like multifactor authentication.

In light of the events of 2023, where Nigeria witnessed the disruptive force of cyber hacktivism following the coup d’état in Niger, it is highly likely that 2024 will see an in-crease in similar activities. To mitigate this escalating threat of cyber hacktivism in 2024, Nigeria must adopt a multi-faceted approach.

Strengthening cybersecurity infrastructure is paramount. This involves investing in advanced security technologies and enhancing the capability of cybersecurity personnel.

Looking ahead to 2024, the forecast suggests an escalation in the severity and frequency of web defacement incidents, affecting a diverse range of industries.

The high incidence of attacks on academic institutions highlights the urgent need for all sectors, especially education, to reassess and bolster their cybersecurity measures.

Commenting on the report, Mr. Ade Shoyinka, the president of the Cyber Security Experts Association of Nigeria, emphasized the need for collaboration between public and private sectors, the adoption of updated computing resources, and a commitment to cybersecurity best practices are imperative. In essence, the evolving digital threats demand a united front.

Organisations, irrespective of sector, must strengthen their defences, invest in cutting-edge technologies, and prioritize education to mitigate vulnerabilities. As we navigate the uncertainties of 2024, a shared commitment to cybersecurity resilience will be the cornerstone of a secure and resilient digital future

The full report can be accessed here.

Whether you’re a start-up, a growing SME, or well-established business, all types of businesses should prioritise security.

A recent study by Kaspersky found that ransomware attacks in South Africa have doubled (likewise in Nigeria) when comparing January to April 2022 to the same period last year. It’s estimated that an average South African company will need to spend million to retrieve the stolen data!

Malware attacks also pose an immense threat to businesses, and these software viruses include worms, spyware, adware, and trojans that breach a network through a vulnerability.

Beyond internet security and antivirus software, what else can you do? There are a few things you need to be aware of when investing in hardware like laptops for yourself or for employees to make it more difficult for attackers to breach your systems.

1. Industry-grade screen security

You never know who is watching your screen, and some information is not meant to be seen by everyone. Although employees should be powering off machines if they are away from them, they often forget.

Look for laptops like the Acer TravelMate P6 that feature tools for mitigating this risk. The built-in Acer User Sensing technology allows for accurate detection of people based on range and movement, and keeps your data safe by locking the screen when you leave.

When you return, you can quickly log back in with the optional IR webcam that uses biometric facial recognition software, or the fingerprint reader located on the power button.

This is called Power-on-Authentication and saves you time trying to remember and enter passwords when you’re on the clock. Not only that, but the Acer TravelMate P6 has a convenient camera shutter that can be slid across the webcam for extra security.

Furthermore, its Privacy Panel obscures viewing angles beyond 90° when activated, and can be turned off whenever you need to use the full 170° wide viewing angle of the display to share and collaborate. This means no prying eyes and an extra level of privacy for your sensitive data.

Beyond screen security, the TravelMate P6 takes protection a little further and makes it particularly difficult for hackers to get into your system. It includes dTPM (discreet, Trusted performance module) hardware and makes your device basically tamper-resistant.

In other words, if someone tries to remotely unlock your laptop without authorisation, they will be met with the system drive preventing them from even booting up the device.

2. Zero-touch enrolment and security

You could also look for a device that simplifies the security process, making it easier for IT teams to initiate updates and keep all laptops secure.

The Acer ChromeBook Enterprise Spin 714 with Chrome OS enables user management and security on devices without IT teams ever having to touch them.

Chromebooks have multiple layers of built-in protection, including securing the identity of each device with no extra time needed for manual configuration, and access to enterprise-class security, without needing to pay for additional antivirus software.

This is because updates are pushed out regularly to ensure that your computer is up to date with the latest security patches. Better yet, these updates are completely non-disruptive and happen silently in the background. 

Another benefit of Chrome OS is sandboxing, a security feature that runs every program, website, or web application as a separate process in a restricted environment. So, if you accidentally open a harmful website, the threat will be contained to that site and won’t be able to affect anything else on your computer. 

3. Secure data with two-factor authentication

Two-factor or multiple-factor authentication refers to using two or more authentication methods to verify your identity.

This can be something like accessing a folder with your employee ID number, and then being required to verify again that it’s you by clicking on a confirmation email before you’re allowed in.

This is a vital step to secure access to accounts and sensitive information. It’s simple to implement and can make a significant difference, so ensure that it’s enabled.

4. Security doesn’t end with your laptop

Cybersecurity features can only protect you to a certain point. Employees need to be educated on what to avoid, how to treat suspicious content, and how to react in these situations. Stats show that 1-in-3 people will click on a phishing link.

Therefore, you need to educate your employees on the basics of cybersecurity principles, the various types of cyberattacks, and who to report it to if they suspect any malicious intent.

5. Implement VPNs for all connections

By now we know that generic security measures are still vulnerable to attacks. That’s why something like a virtual private network (VPN) connection is so handy.

It provides secure access to your company’s network, allowing your employees to work from anywhere, anytime, with reliable protection against data theft.

By encrypting data traffic, no one is able to spy on your company’s messages, emails, receipts, or even office memes. It’s the perfect barrier between the internet and the employee’s computer.

Securing your company’s personal computers, laptops and mobile devices are more important now than ever before.

Without protection, sensitive information can be easily stolen, leading to loss of confidential or customer data.

Luckily companies like Acer are paving the way with the latest innovations that plug in seamlessly with your current security solutions. Learn more about their ground-breaking laptops and visit the Acer website.