Backdoor computer malware in Africa in the second quarter of 2022 hits new highs

0

According to Kaspersky (www.Kaspersky.co.za) Security Network data for enterprise users, the number of backdoor computer malware detected in the second quarter of 2022 in South Africa, Kenya and Nigeria increased significantly by compared to the previous quarter, reaching new records and posing challenges. cybersecurity professionals in businesses and government agencies.

A backdoor is one of the most dangerous types of malware. Backdoors allow cybercriminals to remotely administer the victim’s machine. Unlike legitimate remote administration utilities, backdoors install, launch, and run invisibly, without the user’s consent or knowledge. Once installed, backdoors can be responsible for sending, receiving, executing and deleting files, collecting confidential computer data, logging activity, and more.

Recently, Kaspersky discovered a hard-to-detect backdoor (https://bit.ly/3K1GnTV) called SessionManager that targeted governments and NGOs around the world. This backdoor was implemented as a malicious module within Internet Information Services (IIS), a popular web server published by Microsoft. SessionManager enables a wide range of malicious activity, from email harvesting to complete control of the victim’s infrastructure. First exploited in March 2021, this backdoor hit government institutions and NGOs in Africa, South Asia, Europe and the Middle East. Many targeted organizations remain at risk.

South Africa saw the largest increase in the number of backdoor detections between the first and second quarters: by 140% to 11,872 cases, with the share of affected users increasing by 10%. It was followed by Nigeria – backdoor detection saw a significant increase of 83% to 2,624 cases, with the share of affected users increasing by 24%. In Kenya, the number of detections increased in Q2 to 10,300 (53% increase from Q1), and the share of users hit by backdoors increased by 11%.

“Backdoors enable a series of long, undetected cyber espionage campaigns that result in significant financial or reputational loss and can disrupt the operations of the victim organization. Enterprise systems must be constantly audited and carefully monitored for threats hidden,” comments Dr. Amin Hasbini, Head of Global Research and Analytics Team (GReAT), Middle East, Turkey and Africa Region at Kaspersky. “Getting insight into active cyber threats is critical for businesses to protect their assets, and threat intelligence is the only component that can enable reliable and rapid anticipation of complex backdoors. Threat Intelligence powers the Kaspersky Anti Targeted Attack Platform, which is a detection and response solution that provides all-in-one protection against complex and targeted attacks. It gives cybersecurity teams complete visibility into network, web, email, PCs, laptops, servers and virtual machines in public clouds.”

To protect your organization from backdoors, Kaspersky experts recommend:

Focus your defense strategy on detecting lateral movement and data exfiltration to the internet. Pay close attention to outbound traffic to detect cybercriminal connections. Back up data regularly. Make sure you can access it quickly in case of an emergency.

Use a solution like Kaspersky Anti Targeted Attack (https://bit.ly/3dB4HQp) with extended EDR at its core, which helps identify and stop backdoor attacks in the early stages, before attackers do not achieve their goals.

Use a reliable endpoint security solution, such as Kaspersky Endpoint Security for Business (KESB) (https://bit.ly/3QxuCH8) which is powered by exploit prevention, behavior detection and a remediation engine capable of cancel malicious actions. KESB also has self-defense mechanisms that can prevent its removal by cyber criminals.

(With contributions from APO)

Share.

Comments are closed.