The incidence of South African businesses that came under attack from a particularly dangerous type of malware increased by 140% between the first and second quarters of this year, according to cybersecurity and anti-virus provider Kaspersky.
It said the share of affected users increased by 10%.
In a statement last week, Kaspersky said what is known as a “backdoor” is one of the most dangerous types of malware.
“Backdoors provide cybercriminals with remote administration of a victim’s machine. Unlike legitimate remote administration utilities, backdoors instal, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoors can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity, and more,” Kaspersky said.
It said South Africa was one of three African countries where backdoor malware has increased significantly. The other two were Nigeria and Kenya.
In South Africa, 11 872 cases of backdoors were detected.
“Backdoors enable a series of long, unnoticed cyberespionage campaigns, which result in significant financial or reputational losses and may disrupt the victim organisation’s operations. Corporate systems should be constantly audited and carefully monitored for hidden threats,” said Amin Hasbini, the head of Kaspersky’s global research and analysis team for the Middle East, Turkey and Africa.
“Gaining insights into active cyber threats is paramount for companies to protect their assets, and threat intelligence is the only component that can enable reliable and timely anticipation of complex backdoors,” he said.
Kaspersky said it recently discovered a hard-to-detect backdoor dubbed SessionManager that targeted governments and NGOs around the globe. This backdoor was set up as a malicious module within the Internet Information Services (IIS), a popular web server edited by Microsoft.
SessionManager enables a wide range of malicious activities, from collecting emails to complete control over the victim’s infrastructure. First leveraged in March 2021, this backdoor hit government institutions and NGOs in Africa, South Asia, Europe and the Middle East. Many of the targeted organisations remain at risk, Kaspersky said.