Check Point Software Technologies, a leading AI-powered cloud-delivered cybersecurity provider, has published its Global Threat Index for September 2024. This report unveils emerging and worrying use of artificial intelligence (AI)-driven malware techniques, alongside persistent ransomware campaigns, with notable rankings for African nations.

In this month's findings, researchers uncovered a cyber-attack method likely created using AI, delivering AsyncRAT malware, which ranked 10th on the list of most prevalent malware globally. This discovery highlights a growing trend of cybercriminals leveraging AI to craft malware more efficiently, making the digital landscape even more dangerous for organisations worldwide.

"The rise of AI-driven threats underscores the evolving sophistication of cyber-attacks," Maya Horowitz, VP of Research at Check Point Software, notes: "AI's involvement in cyber-attacks reveals a new frontier in the cybersecurity battle. Organisations need to prioritise advanced prevention methods and robust defences to keep pace with the rapid evolution of cyber tactics."

South Africa Strengthens Cyber Defences, Climbing to Second Safest in Africa

South Africa has made a significant leap in its cybersecurity standing, moving from 67th to 73rd in the global threat index. With a Normalised Risk Index of 37, it now ranks as the third safest country in Africa, showing notable improvements in its defences against rising cyber threats. Egypt and Zambia lead as the safest African countries in terms of malware threats, ranking 97th and 82nd respectively among the 110 countries surveyed in the Index.

Key African countries in the top 20 rankings include:

    Ethiopia: Ranked 2nd globally with a high-risk index of 95.4, showing the urgent need for stronger cyber defences.
    Angola: Placed 5th globally with a risk index of 75.5, reflecting high vulnerability.
    Mali: Holding 11th place globally, showing the continent's significant exposure to cybersecurity risks.
    Botswana: Ranked 19th globally, with cybercriminals increasingly targeting its systems.

"These rankings highlight the varied cybersecurity readiness across the African continent, with some nations making progress while others face growing challenges. South Africa's rise to the third-safest African nation underscores its commitment to improving its cybersecurity defences,"  says Issam El Haddioui, Head Engineering Security Sales: Africa.

Top Malware and Ransomware Trends

Globally, FakeUpdates (SocGholish) remains the most prevalent malware, impacting 7% of organisations worldwide, followed by Androxgh0st and Formbook. Meanwhile, RansomHub continues to dominate the ransomware scene, responsible for 17% of all reported ransomware attacks globally, with a particularly aggressive focus on Windows, macOS, Linux, and VMware ESXi environments.

In South Africa, 11.06% of malware attacks were attributed to FakeUpdates, followed by QBot at 6.97%. Qbot, also known as Qakbot, is a sophisticated and multifunctional malware that emerged as a banking trojan in 2007. Over the years, it has evolved to facilitate a range of cybercriminal activities, including credential theft, ransomware delivery, and enabling backdoor access to compromised systems. Since December 2023, there has been a noticeable resurgence, with threat actors experimenting with new builds. Qbot's distribution main methods are phishing campaigns targeting specific industries, exploiting vulnerabilities, and adapting to various infection vectors including malvertising.

Emerging Threats: AI and Ransomware Evolution

Researchers also noted a critical trend in ransomware operations. RansomHub, a Ransomware-as-a-Service (RaaS) group, maintained its position as the top ransomware group, responsible for 17% of the posted attacks on ransomware "shame sites." However, what stands out this month is the rise of AI-driven attacks.

"Cybercriminals are now using generative AI to develop malware, significantly lowering the technical barrier to creating sophisticated malware strains. One such example is the AsyncRAT campaign, where AI likely helped structure the malicious code," El Haddioui says, "The fact that threat actors are integrating AI into their malware development process shows how rapidly cybercriminals are evolving. This trend is reshaping the entire threat landscape, making AI-driven security solutions more crucial than ever."

Top-Attacked Industries Globally

Education and research institutions continue to face the brunt of cyberattacks, followed closely by government/military organisations and the healthcare sector. These industries remain high-value targets due to the sensitive data they manage, making them prime targets for both ransomware and AI-driven malware.

Follow Check Point via:

LinkedIn: https://www.linkedin.com/company/check-point-software-technologies

X: https://www.twitter.com/checkpointsw

Facebook: https://www.facebook.com/checkpointsoftware

Blog: https://blog.checkpoint.com

YouTube: https://www.youtube.com/user/CPGlobal

About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading AI-powered, cloud-delivered cyber security platform provider protecting over 100,000 organizations worldwide. Check Point leverages the power of AI everywhere to enhance cyber security efficiency and accuracy through its Infinity Platform, with industry-leading catch rates enabling proactive threat anticipation and smarter, faster response times. The comprehensive platform includes cloud-delivered technologies consisting of Check Point Harmony to secure the workspace, Check Point CloudGuard to secure the cloud, Check Point Quantum to secure the network, and Check Point Infinity Core Services for collaborative security operations and services.