When it comes to cybersecurity, the country’s efforts have been applauded, with Ghana being endorsed as a cybersecurity champion for the West African region in 2019 by the Economic Community of West African States.
Within the region of 16 countries, where the average internet penetration was 32.3% at the start of 2021, Ghana’s population is one of the most connected, with 50% of its citizens able to get online. Comparatively speaking, Ghana has done well in protecting these online users when looking at efforts across the continent. Check Point Research recorded that Ghana had the second-lowest number of weekly cyber-attacks per organisation amongst 14 countries surveyed across Africa last year.
The country’s concerted efforts in dealing with cybercrime were reflected in attack statistics recorded over the last six months in the latest Check Point Research Threat Intelligence Report for Ghana. While the global average for the number of attacks experienced per business each week is 930, this figure is 222 for Ghana – that’s 76% fewer cyber-attacks.
“However, the aim in all digital economies is not only to stop attacks when they’re discovered, but to proactively prevent them from happening,” says Pankaj Bhula, Regional Director for Africa at Check Point Software Technologies. “For businesses in Ghana, this means focusing on a few areas of vulnerability by considering the types of malware attacks the country has experienced the most.”
Botnets delivering blows to Ghana’s businesses
The report found that 6.7% of businesses in Ghana were impacted by botnets each week, which is higher than the global average of 5.6% for this type of malware. Similarly, an average of 11.1% of Ghanaian companies were hit by cryptominer attacks each week, which is far higher than the 4.3% global average.
Check Point Software Technologies explains that a botnet is a network of computers, usually controlled via a command-and-control (C&C) server, that is used to carry out cybercrime, including DDoS attacks, Bitcoin mining, and mail spam. A single compromised computer in the network is referred to as a ‘bot’ when it executes malware that has penetrated the system.
In Ghana, the Glupteba botnet was the most common malware attacking businesses over the last month. Globally, it impacts an average of 2% of companies, but in Ghana 8% of enterprises fell victim to it. This malware was first discovered by cybersecurity experts in 2011 and, by 2019, it had matured to include a C&C server address-update mechanism through public Bitcoin lists, making the botnet hard to detect and remove. It also evolved to include an integral browser-stealer capability in which a criminal can control the victim’s browser, and a router exploiter, which gives the botnet the ability to infect additional devices.
Cryptominers, also known as cryptojackers, illegally gain access to a victim’s device to tap into its computing power to generate cryptocurrency, notes Interpol. The victim unwittingly installs a malicious program onto their device by clicking on an infected email link or website, giving the criminal access. Interpol highlights that, while the crime seems “harmless… since the only thing ‘stolen’ is the power of the victim’s computer… it can increase costs for the businesses affected because coin mining uses high levels of electricity and computing power.”
XMRig crypto-mining software was in the top-five list of the malware most used in attacks on Ghana’s businesses over the last month. The report noted that the impact of this malware on the country is double the global average.
How businesses can better protect themselves
“To protect your business against cyber-attacks from any kind of malware, the following five tips should be followed,” says Bhula.
Secure every attack surface and vector in your business: organisations need broad cybersecurity coverage. This has become critical in today’s multi-hybrid environment where the perimeter is now everywhere. Email, web browsing, servers, and storage are merely the basics. Cybersecurity should protect these and much more. Mobile apps, cloud and external storage are essential, as is compliance of connected mobile and endpoint devices and your growing IoT-device estate. Workloads, containers, and serverless applications on multi- and hybrid-cloud environments should always be part of the security checklist.
Apply security patches: cyber-attacks penetrate networks by leveraging known vulnerabilities where a patch is available but has not been applied. Organisations must ensure up-to-date security patches are maintained across all systems and software.
Segment your networks: networks should be segmented, applying strong firewall and IPS safeguards between the network segments. This contains infections and stops them from propagating across the entire network.
Educate employees on cybersecurity: quite often, user awareness can prevent an attack before it occurs. Take the time to educate your users and ensure that if they see something unusual, they report it to your security teams immediately. User education has always been a key element in avoiding malware infections.
Implement advanced security technologies: there isn’t a single silver-bullet technology that can protect organisations from all threats and all threat vectors. However, there are many great technologies available, leveraging machine learning, sandboxing, anomaly detection, content disarmament, and more. Each of these technologies can be highly effective in specific scenarios, covering specific file types or attack vectors. Two key components to consider are threat extraction (file sanitisation) and threat emulation (advanced sandboxing). Each element provides distinct protection and, when used together, they offer a comprehensive solution for protection against unknown malware at the network level and directly on endpoint devices.