Page 14 - EngineerIT Nov-Dec 2025
P. 14
CYBERSECURITY
South Africa’s cybercrime
battlefield
By Justin Render
outh Africa is digitising fast. Espionage groups continue to operate, but the financial side of cybercrime is
Small businesses are moving where South Africa feels the most pressure. Ransomware operators have targeted
Sonline, enterprises are the country consistently for years.
extending their cloud footprints and
citizens are increasingly dependent “We’ve seen major entities hit – telcos, aviation, financial services,” he said.
on connected devices. But rapid “South Africa remains one of the most targeted countries in Africa for
digital growth brings exposure, and ransomware-as-a-service.”
exposure is exactly what criminal Alongside ransomware, InfoStealers and banking Trojans are rising sharply.
groups look for.
The surge in InfoStealers
To get a clear reading of the threat InfoStealers exploit everyday habits. Their purpose is simple:
landscape, I spoke with Maher extract browser data, saved passwords and cookies.
Yamout, Lead Security Researcher “People rely on convenience and save passwords in
at Kaspersky’s Global Research and browsers,” Yamout said. “Those passwords are stored
Analysis Team (GReAT). His team locally in cleartext. If an InfoStealer infects your machine,
tracks more than 900 active threat it can decode and extract them.”
groups across the world, giving him
a direct view of the patterns shaping Attackers distribute them through:
attacks in the region. • phishing emails
• trojanised or backdoored installers
A threat picture that never resets • cracked software downloads
Some categories of cybercrime
remain constant. They surge, they dip,
but they never disappear.
“Advanced persistent threat groups Maher Yamout,
will always come back,” Yamout said. Lead Security Researcher at
“Their intent doesn’t change. What Kaspersky’s Global Research and
changes is their capability.” Analysis Team (GReAT)
14 | EngineerIT November/December 2025
