Ethiopia is the most frequently targeted country by malware, as cybercriminals continue to use legitimate platforms to avoid detection while establishing persistence.
This is according to Check Point’s Global Threat Index for February 2025, which shows the rise of AsyncRAT, a remote access Trojan (RAT) that is still evolving as a significant threat in the cyber landscape.
Zimbabwe, Uganda, Nigeria, Angola, Kenya, Mozambique and Ghana are among the top 20 most targeted countries. South Africa ranked 59th with a Normalised Risk Score of 40, down from 66th last month.
According to security analysts at Check Point, AsyncRAT is increasingly being used in cybercrime activities, with malware distributed through platforms such as TryCloudflare and Dropbox.
Clop remains a major player in the ransomware space, using a “double extortion” approach to threaten victims with public disclosure of stolen data in exchange for a ransom, the report said.
According to the company, this reflects the growing practice of exploiting legitimate platforms to bypass security measures and maintain persistence on targeted networks.
According to the cybersecurity firm, attacks often begin with phishing emails that include Dropbox URLs, followed by a multi-step infection process that uses LNK, JavaScript and BAT files.
"The cybersecurity landscape in South Africa reflects the broader challenges facing Africa. With the increasing digital transformation in critical sectors such as finance, education and government, we are also seeing a sharp increase in sophisticated cyber threats.”, says Lionel Dartnall, SADC Country Manager, Check Point Software Technologies.
"Cybercriminals are taking advantage of legitimate platforms to deploy malware and avoid detection. Organizations must remain vigilant and implement proactive security measures to mitigate the risks of such evolving threats.”, adds Maya Horowitz, vice president of research at Check Point Software.
