Backdoor computer malware in Africa increased in Q2 2022


The number of backdoor malware detections in Q2 2022 in South Africa, Kenya and Nigeria increased significantly from the previous quarter, hitting new records and posing challenges for cybersecurity professionals in enterprises and government agencies, according to the latest Kaspersky Security Network data for corporate users.

A backdoor is one of the most dangerous types of malware because it gives cybercriminals remote administration of the victim's machine.

Unlike legitimate remote administration utilities, backdoors install, launch and run invisibly, without the user's consent or knowledge.

Once installed, they can be instructed to send, receive, execute and delete files, collect sensitive computer data, log activity and much more.

Recently, Kaspersky discovered a hard-to-detect backdoor called SessionManager, which targeted governments and NGOs around the world. This backdoor was set up as a malicious module inside IIS (Internet Information Services), a popular web server from Microsoft.

SessionManager enables a wide range of malicious activities, from email harvesting to complete control over a victim's infrastructure.

First leveraged in March 2021, this backdoor hit government institutions and NGOs in Africa, South Asia, Europe and the Middle East. Many of the targeted organizations remain at risk.

As for the numbers, South Africa saw the most significant increase in backdoor detections from Q1 to Q2: up 140% to 11,872 cases, with the share of affected users increasing by 10%.

Next is Nigeria, where backdoor detections increased by 83% to 2,624 cases, with the share of affected users increasing by 24%.

In Kenya, the number of detections increased in Q2 to 10,300 (a 53% increase from Q1), and the share of users affected by backdoors increased by 11%.

"Backdoors enable a range of long-unnoticed cyber-espionage campaigns that result in significant financial or reputational loss and can disrupt the victim organization's operations. Corporate systems must be constantly audited and carefully monitored for hidden threats," said Dr. Amin Hasbini, Head of the Global Research and Analysis Team (GReAT) Middle East, Turkiye and Africa at Kaspersky.

"Threat intelligence powers the Kaspersky Anti Targeted Attack platform, which is an ultimate endpoint detection and response solution that offers all-in-one protection against complex and targeted attacks. It gives cybersecurity teams full visibility into network, web, email, PCs, laptops, servers and virtual machines in public clouds," he added.

To protect your organization from backdoors, Kaspersky experts recommend:

Focus your defense strategy on detecting lateral movement and data exfiltration to the Internet. Pay special attention to outbound traffic to detect cybercriminal connections. Back up data regularly, and make sure you can access it quickly in an emergency;

Use a solution like Kaspersky Anti Targeted Attack with extended EDR at its core, which helps identify and stop backdoor attacks in the early stages, before attackers reach their targets;

Use a reliable endpoint security solution such as Kaspersky Endpoint Security for Business (KESB) powered by exploit prevention, behavior detection and a remediation engine that is capable of reversing malicious actions. KESB also has self-defense mechanisms that can prevent its removal by cybercriminals.
