Interpol cyberthreat assessment for South Africa

Interpol has released its African Cyberthreat Assessment Report for 2024, which shows how ransomware, catfishing, and sextortion scams have emerged as significant threats to African individuals and organisations.

The report was created based on operational data from Interpol’s activities on the continent and a survey covering 40 African countries.

The global policing force notes that attacks are evolving more rapidly and becoming highly sophisticated, with over two-thirds of respondents saying that cyber-related crimes remain a medium to high risk in their jurisdiction.

They estimate a 23% year-on-year increase in the average number of weekly cyberattacks in 2023.

This is because threat actors are changing their approach and relying on more sophisticated means, such as social media and artificial intelligence (AI).

Malware and crimeware-as-a-service have been the most common means of attack in past reports, with people falling victim to banking trojans, phishing, and online scams.

However, ransomware became a trend in 2023 and emerged as one of Africa’s most serious cyber threats as attackers have started changing their modus operandi.


In Sophos’ State of Ransomware in South Africa report, the average ransom paid by companies in 2023 was R17.9 million.

Cybersecurity firm Check Point found that, according to the report, one out of every 15 firms in Africa experienced a ransomware attempt every week during the first quarter of 2023.

The global weekly average was 1 out of 31.

Critical infrastructure was also in the crosshairs, as threat actors targeted nearly half of the respondents with attacks against government infrastructure, hospitals, and Internet Service Providers (ISPs).

RSAWeb became the victim of a “highly sophisticated” ransomware attack that took down the ISP’s whole network in early February 2023.

The African Union also experienced a significant attack by the BlackCat group, which Interpol eventually mitigated.

Interpol also quoted Kaspersky, which detected over 300 attempted ransomware attacks in South Africa in one day in 2023

Business email compromise

Interpol defines business email compromise (BEC) as a cybercrime that attacks organisations and individuals using email fraud.

These attacks are becoming increasingly popular, with Microsoft reporting that it investigated 35 million BEC attempts globally between April 2022 and April 2023, which is 156,000 a day.

The financial impact of this is believed to be as high as $50 billion (R923.7 billion).

Companies found to be at the highest risk of these attacks conduct business abroad and frequently carry out financial transactions.

The financial sector was found to be hit the hardest by BEC attacks.

Interpol lists the following as the top five BEC modus operandi across African countries:

  1. Data theft
  2. Account compromise or system breach
  3. CEO impersonation
  4. Government, law enforcement or attorney impersonation
  5. Bogus invoice scheme

The severity and frequency of these attacks increased significantly in South Africa in 2016, with attorney impersonation becoming prominent.

Attacks targeting property buyers and their conveyancing attorneys were particularly lucrative for criminals.

Because these attacks occurred so frequently, the Attorneys’ Insurance Indemnity Fund decided to no longer cover cybercrimes from 1 July 2016.

South Africa’s High Court heard precedent-setting cases involving BEC fraud in 2023. In one case, a Gauteng attorney was found liable for paying his clients R1.4 million after transferring their money to a fraudster’s account.

PSG Wealth Financial Planning was also ordered to pay a client more than R800,000 stolen by fraudsters through an email compromise.

Romance scams

Romance scams involve attackers faking romantic relationships or intimate friendships with victims for financial gain.

In the report, African countries noticed an increase in both catfishing and sextortion, two forms of attacks that are classified as romance scams.

Catfishing involves creating a fake online persona using false profile information and images.

This is then used to build a trusted relationship with victims before manipulating them into sending them money.

Sextortion, on the other hand, is the same as catfishing; however, it uses the leverage of the superficial relationship to encourage the victim to send intimate or sexually explicit information.

Attackers are also using AI to increase the sophistication of this attack by creating deep fake images and authentic-looking profiles with tools such as “LoveGPT.”

Pig butchering

One of the fastest emerging cyber threats, pig butchering, was reported in over a third of African countries in 2023.

It involves elements of cryptocurrency investment fraud and romance scams.

The attack involves catfishing victims using fake social media accounts such as WhatsApp, Facebook, Instagram, Telegram, and dating apps.

The threat actor slowly gains the victim’s trust while posing as an investment, attempting to convince them to invest in “profitable cryptocurrency ventures.”

Once the victim starts catching onto the scam or the attacker believes the attack has run its course, they will disappear and break contact.

The victim’s funds are often converted using cryptocurrency platforms to make tracking it as difficult as possible.

Other online scams

Other online scams have also become particularly popular in Africa, alongside ransomware attacks.

This is due to the potential for financial gain and the volume at which these scams can be conducted.

These scams usually involve a combination of phishing, malware, and social engineering techniques and are conducted to steal money or personal information.

Phishing scams were particularly prevalent, primarily when used with email or social media.

In this case, attackers impersonate legitimate organisations or entities to steal personal information, including login credentials and financial details.

“While the primary goal of phishing is to exploit human psychology to access valuable data or assets, in practice, phishing attacks often act as a gateway for other cybercrimes, including ransomware and various online scams,” the report states.

Interpol said smartphone attacks such as banking trojans and mobile phishing are becoming increasingly common, specifically in Southern Africa.

This is due to people’s increased reliance on smartphones for their banking needs.

How African countries have responded

Although the African continent was hit hard by increased cyberattacks in 2023, countries did strengthen their resilience against the threat.

Interpol said 10,490 arrests were made from January to December 2023 by nineteen countries.

These countries only comprise 35% of the continent, so more arrests could have been made that were never reported.

It highlighted that underreporting does remain an issue as it obstructs law enforcement from acting on these issues.

Collaboration between law enforcement and key stakeholders, such as the private sector, remains a problem.

However, over 60% of countries considered in this report did deploy campaigns to warn individuals and companies about the threat of BEC.

African countries are starting to adopt new cybercrime-related legislation, with Interpol noting 12 countries engaging in this process over the past two years.

Interpol said insufficient cyber hygiene continues to undermine cyber resilience across the continent, as many African organisations and individuals still show low levels of preparedness against cyberattacks.

Latest news

Partner Content

Show comments


Share this article
Interpol cyberthreat assessment for South Africa