CyberPlural Annual Cybersecurity Report 2023: Key Insights and Trends

CyberPlural, a leading MSSP provider in Africa, has released its second edition of the annual cybersecurity report, covering the major events, incidents, and insights observed by its team throughout 2023. The report also provides a cyber outlook for 2024, highlighting the anticipated challenges and opportunities in the cyber landscape.

Some of the key insights and trends from the report include:

• Red Team Operations: The report reveals critical security vulnerabilities across various sectors, such as default account usage, plaintext storage of credentials, and outdated technology. The report emphasizes the need for robust security controls and proactive measures to prevent unauthorized access and data breaches.
• Ransomware Groups: The report explores the activities of notorious ransomware groups such as ALPHV and Mallox, who have targeted key players in Nigeria’s telecommunications, insurance, construction,and betting sectors, as well as federal agencies. The report underscores the persistent and impactful presence of these groups in the country’s cyber ecosystem and the urgent need for enhanced data protection measures.
• Info Stealer Malware: The report highlights the growing threat of info stealer malware, which is designed to steal sensitive information from compromised systems. The report reveals that several SOC teams have reported activities related to this malware targeting organizations in Nigeria, and that stolen credentials have been found on the dark web. The report stresses the importance of cybersecurity awareness and training among employees, as well as the implementation of strong and efficient cybersecurity measures.
• Phishing Threats: The report examines the phishing threats targeting unsuspecting users in Nigeria, Ghana, and Kenya, leveraging government initiatives and schemes to collect PII. The report identifies a fraudulent INEC recruitment portal as one of the examples of these threats, and advises users to be cautious and not to share links whose sources cannot be verified.
• Fintech & Utility Apps: The report addresses the security risks in fintech and utility apps, such as input validation, race condition, and data leakage vulnerabilities. The report recommends thorough testing, secure coding practices, and ongoing security assessments to identify and mitigate such risks.

The report also provides a cyber outlook for 2024, projecting the development of cryptocurrency-related platforms, the persistence of data collection activities, the increase in network-wide ransomware incidents, the advancement of data protection and privacy landscape, and the use of AI by both cyber threat actors and defenders.

The CyberPlural Annual Cybersecurity Report 2023 is a valuable resource for anyone interested in the state of cybersecurity in Africa and beyond. It offers a comprehensive overview of the cyber landscape, as well as actionable recommendations and best practices to enhance cybersecurity posture and resilience.