Beware! Cyber-attacks, threats on the prowl | #cybercrime | #infosec

In an increasingly interconnected world, Nigeria, like many countries, finds itself grappling with the pervasive and evolving threat of cybercrime. The rapid adoption of digital technologies, while fueling economic growth and innovation, has opened new avenues for illicit activities, ADEYEMI ADEPETUN writes.

Nigeria’s rapidly expanding technology sector, while a significant engine of socio-economic growth, has become an increasingly attractive tool for cybercriminals. The country’s digital transformation, marked by a surge in mobile subscriptions, digital financial services and cloud-dependent operations, has inadvertently created a more intricate and susceptible landscape for cyber incursions.
 
From sophisticated financial frauds and identity theft to cyberstalking to exploitation of critical infrastructure, the menace of cybercrime is fast posing significant risks to individuals, businesses and national security. Tackling the complex challenge requires a multi-faceted approach, encompassing robust legal frameworks, enhanced enforcement capabilities, widespread public awareness and strong international collaboration.

The escalating threat landscape
THE Nigerian digital space is under constant assault from a variety of sophisticated cyber threats. The threats are evolving rapidly, with cybercriminals leveraging advanced techniques to exploit vulnerabilities and cause significant financial and operational damage.
 
About two weeks ago, the Interpol detected 3,459 ransomware threats in Nigeria, ranking it the third most prone country to cyberattacks in 2024.
 
In its 2025 Africa Cyberthreat Assessment Report, Interpol highlighted how cyber-enabled criminal activity is evolving rapidly across Africa.
 
According to Interpol, cybercriminals have not ceased to unleash attacks, especially in the region, with attacks almost daily, stressing that Africa’s growing digital landscape is becoming a target for sophisticated cybercrime operations.
 
The international criminal police organisation noted that private sector partners showed a notable rise in monthly ransomware detections in 2024.
 
Interpol listed 10 targeted countries, including: Egypt, 17,849 ransomware threat detections, South Africa, 12,281 detections, Nigeria, 3,459 detections, Kenya, 3,030 detections and The Gambia, with 1,729 detections. Others are Ghana, 1,671 detections; Tunisia, 1,232 detections; Algeria, 1,117 detections; Morocco, 1,076 detections and Ethiopia with 953 detections.
  
According to the report, online scams, BEC, ransomware and sextortion are the continent’s most dangerous cyberthreats. However, Interpol noted that the methods and impact vary significantly based on each region’s infrastructure, security protocols and digital literacy.
 
The report noted that ransomware attacks caused substantial financial and operational damage across Africa in 2024, affecting key sectors including finance, energy, infrastructure, government and telecommunications.
 
Interpol warned of a worrying increase in cybercrime on the African continent, stressing that ‘two-thirds of African member countries reported that cybercrime accounts for a medium or high proportion of total reported crime.’

Why Nigeria remains a hot spot
ACCORDING to the Chief Technology Officer at Deimos, a hybrid multi-cloud solution firm, Jaco Nel, so many things make nations particularly vulnerable.
 
Nel said Nigeria and South Africa are particularly vulnerable to cyber threats due to their economic prominence, high Internet adoption, and rapid digital transformation, among others.    
  
According to him, as two of Africa’s largest economies, they host significant financial activity and rely heavily on digital platforms, making them prime targets for cybercriminals seeking financial gain.
 
He said Nigeria has a massive and growing online population, while South Africa boasts one of the highest Internet penetration rates on the continent, saying this widespread connectivity increases the attack surface for malicious actors.
 
Nel said both countries also face challenges with outdated infrastructure and legacy systems, which are more susceptible to exploitation.
 
According to him, while their rapid digital adoption is a strength, it also leaves gaps in security preparedness, creating opportunities for sophisticated threat actors, including organised cybercrime groups and state-sponsored attackers.

Changing forms of attacks
INDEED, in the 2025 Africa Cyberthreat Assessment Report, Interpol noted that more than 30 per cent of crimes reported in West and East Africa relate to online criminal activity. Among the most frequent threats are digital scams, ransomware attacks (malware that restricts access to files or systems), business email impersonation and ‘sextortion’.
 
Nigeria and the region are also prone to Phishing, data breaches, financial fraud, Denial-of-Service (DoS) and hacking, among others.
 
The most rampant is ransomware. It is malicious software that encrypts a victim’s data or computer systems, demanding a ransom for its release. Nigerian organisations, particularly in sectors like healthcare and finance, have been increasingly targeted, leading to disruptions in services and substantial data loss. Reports indicated that 71 per cent of Nigerian firms experienced ransomware in 2022, with some paying millions of dollars to recover their data.
 
Interpol noted that ransomware detections in Africa also rose in 2024, with South Africa and Egypt suffering the highest number, at 17,849 and 12,281 detections respectively, according to data from Trend Micro, followed by other highly digitised economies such as Nigeria (3,459) and Kenya (3,030).
 
Incidents included attacks on critical infrastructure, such as a breach at Kenya’s Urban Roads Authority (KURA) and on government databases, such as hacks of Nigeria’s National Bureau of Statistics (NBS).
 
According to it, BEC-related incidents also rose significantly, with 11 African nations accounting for the majority of BEC activity originating on the continent. In West Africa, BEC fraud has driven highly organised, multi-million-dollar criminal enterprises such as the transnational syndicate Black Axe.

The challenge of enforcement
WHILE noting that there are law enforcement challenges in Africa, Interpol noted that cybercrime continued to outpace the legal systems designed to stop it, according to African law enforcement. It stressed that 75 per cent of countries surveyed said their legal frameworks and prosecution capacity needed improvement.
 
The report noted that at the same time, countries also reported struggling to enforce the existing laws on cybercrime, with 95 per cent of respondents reporting inadequate training, resource constraints and a lack of access to specialised tools.
 
Despite rising caseloads, Interpol said most African member countries surveyed still lack essential IT infrastructure to combat cybercrime. Just 30 per cent of countries reported having an incident reporting system, 29 per cent a digital evidence repository and 19 per cent a cyber threat intelligence database.
 
In Nigeria, the Cybercrime Act was enacted in 2015 and was subsequently amended in 2024, but there is still the issue of weak enforcement and lack of technical expertise, misuse and abuse, poor inter-agency coordination, broad language and ambiguity, slow justice, as well as limited public awareness.

Tackling the menace going forward
TO effectively address the rising cyber-attack incidents in Nigeria, a multi-faceted approach is needed. This includes strengthening cybersecurity legislation, investing in advanced technologies, promoting public awareness, fostering local cybersecurity expertise, and enhancing collaboration between the public and private sectors.
 
A cybersecurity expert, Ademola Adekunle, said nations and organisations should embrace collaboration and information sharing on cyber breaches.
 
According to him, keeping silence on the part of organisations that had been attacked would not help others, stressing that full disclosure, synergy and information sharing on reported cyber-attacks and how it was managed would guide other organisations to put preventive and countermeasures in place.
 
He called on organisations to constantly upgrade their technology to counter cyber-attacks, urging them to have data backups.
 
Adekunle further emphasised the need to build cybersecurity intelligence quotient, which will comprise Augmented Intelligence to check what is happening on the system in real-time, Anticipatory Intelligence to analyse what could happen, and Assistive Intelligence to determine what needs to be done.