Cyber Africa

Top cyber events of 2024 in Africa

January 16, 2025

 

 

8 of the top cyber attacks in Africa in 2024

 

- As we begin 2025, we are dedicating this edition to looking back at some of the major cyber-attacks that took place across the African continent during 2024.

- Over the course of 2024, there have been waves of cyber-attacks across Africa. We chose to share highlights of eight of the major attacks, targeting banks, telecoms, and government institutions across six countries.

- We hope that raising awareness of some of the past year's major cyber incidents across Africa will help our community prepare for the challenges of the new year.

  

The Major Cyber Attacks of 2024 in Africa

 

1. Ransomware Attacks

a. Attack on Telecom Namibia (December 2024, Namibia)

- The Attack: The ransomware group Hunters International infiltrated Telecom Namibia's network infrastructure, successfully extracting 626.3GB of sensitive data affecting 492,633 customers. Following the company's refusal to pay ransom demands, the attackers began leaking the stolen data on social media platforms.

- Impact: The breach exposed critical customer information including identification documents, residential addresses, and banking details, putting customers at risk of identity theft and financial fraud. The incident revealed significant vulnerabilities in the country's telecommunications infrastructure.

- Resolution: Telecom Namibia collaborated with local and international cybersecurity experts to contain the breach and restore their network.

 

b. Attack on the Electricity Company of Ghana (March 2024, Ghana)

 

- The Attack: Cybercriminals deployed ransomware against the Electricity Company of Ghana (ECG), the nation's primary power distributor, encrypting critical operational systems. The attack completely disabled the company's electricity vending capabilities, affecting service delivery across the country.

- Impact: The week-long shutdown resulted in financial losses estimated between GH¢400-500 million ($34-42 million) and severely affected the company's operations and millions of customers depending on their services.

- Resolution: As part of ECG's incident response plan, it refused to pay the ransom. The company rebuilt its systems with enhanced security measures and restored the disrupted systems.

 

c. Attack on the South Africa National Health Laboratory Service (June 2024, South Africa)

- The Attack: A ransomware attack targeted the National Health Laboratory Service (NHLS), encrypting critical systems and destroying backup data. The attack severely compromised the organization's ability to process and distribute laboratory results across South Africa.

- Impact: The incident caused delays in processing millions of medical tests, forced postponement of major surgeries, and required emergency departments to revert to manual processes. NHLS laboratories, serving over 80% of South Africa's population, struggled to maintain essential healthcare services.

- Resolution: NHLS deployed an incident response team and external experts to contain the breach and rebuild affected systems. By mid-August 2024, operations were fully restored, and the organization committed to significant investments in advanced cybersecurity technologies.

2. Data Breaches

a. Hack into the Bank of Uganda (November 2024, Uganda)

- The Attack: The hacking group "Waste" carried out a cyber-attack against the Bank of Uganda, infiltrating its IT systems and initiating unauthorized transfers totaling 62 billion Ugandan shillings ($16.8 million) to accounts across multiple countries.

- Impact: The breach resulted in substantial financial losses and raised serious concerns about the security of Uganda's national financial system.

- Resolution: The Bank of Uganda recovered a major share of the stolen funds. The incident prompted a presidential-ordered investigation and led to comprehensive security reforms within the institution.

 

b. Breach into TransUnion South Africa (March 2024, South Africa)

- The Attack: The hacker group N4ughtySecTU breached TransUnion South Africa's systems using compromised client credentials, accessing an isolated server containing sensitive personal information of millions of South Africans.

- Impact: The breach exposed personal data of three million South Africans, including identity numbers and financial information. The attackers demanded a $15 million ransom, while the incident triggered intense regulatory scrutiny from South African authorities.

- Resolution: TransUnion refused to pay the ransom and instead invested in comprehensive security upgrades. The company provided identity protection services to affected individuals and implemented enhanced data protection measures as mandated by regulators.

 

c. Breach into MSEA Kenya (December 2024, Kenya)

- The Attack: Cybercriminals infiltrated the Micro and Small Enterprise Authority's (MSEA) backup systems, gaining access to sensitive government and organizational data. The attackers attempted to sell database access on the dark web for $100,000.

- Impact: The breach compromised confidential government correspondence, employee records, and business registration details. The incident raised concerns about the security of associated financial institutions and the broader impact on Kenya's small business sector.

- Resolution: MSEA launched a comprehensive investigation and system security review. The agency implemented enhanced data protection protocols and strengthened its IT infrastructure to prevent future unauthorized access.

 

d. Flutterwave Nigeria Incident (April 2024, Nigeria)

- The Attack: Attackers executed unauthorized transfers of approximately ₦11 billion ($7 million) from Flutterwave's systems by conducting multiple small transactions across five financial institutions over four days, deliberately staying below standard fraud detection thresholds.

- Impact: The company faced significant financial exposure and operational disruption. The sophisticated nature of the attack, exploiting transaction monitoring weaknesses, raised concerns about payment system vulnerabilities across the fintech sector.

- Resolution: Flutterwave worked with law enforcement and financial institutions to freeze compromised accounts and recover funds. The company implemented enhanced transaction monitoring systems and assured customers that their funds remained secure.

 

 

3. DDoS Attacks

 

a. Attack on Ugandan Telecom Providers (February 2024, Uganda)

- The Attack: The hacktivist group Anonymous Sudan launched coordinated Distributed Denial-of-Service (DDoS) attacks against major Ugandan mobile providers including Airtel, MTN, and Uganda Telecom, flooding their networks with malicious traffic.

- Impact: The attacks caused widespread service disruptions affecting millions of customers across Uganda. Communication networks experienced significant outages, impacting both individual users and businesses relying on these services.

- Resolution: The affected telecom providers implemented traffic mitigation measures and enhanced DDoS protection systems. The incident led to increased collaboration among regional telecom operators to strengthen their collective defense against politically motivated cyber threats.

b. Increased trend of DDoS attacks

- Although most details of DDoS attacks are not made public, DDoS attacks in Africa spiked in 2024 and have become widespread across the continent. According to data from Kaspersky, Morocco reported over 61,000 attacks, Egypt over 45,000, and Tunisia around 15,000 in the first half of the year.

 

 

Key Lessons Learned: Protecting Your Organization Based on Africa's Major Cyber Attacks in 2024

Ransomware

a. The Reality Behind Backups: having backups isn't enough – they must be properly secured.

- Backups must be stored offline and disconnected from the main network

- Organizations need multiple backup copies in different locations

- Regular testing of backup restoration procedures is essential

 

b. The Human Factor - initial access often comes through human interaction. To address this:

- Regular employee training must include real examples and practical exercises

- Security awareness should focus on recognizing and reporting suspicious activities

- All staff, including contractors, need security training

c. System Design for Containment - ransomware can spread rapidly through connected systems, emphasizing the importance of:

- Network segmentation to contain potential breaches

- Utilize Cyber Threat Intelligence to detect ransomware indicators early and implement proactive containment strategies

- Regular system access reviews

- 24/7 system monitoring for unusual behavior

Data Breach Prevention

a. Access Management - privileged access can be exploited:

- Implement strict "need-to-know" principles

- Use multi-factor authentication for critical systems

- Monitor privileged accounts closely

 

b. Smart Transaction Monitoring - sophisticated attackers can work around standard monitoring systems:

- Look for patterns across multiple small transactions

- Use AI and machine learning to detect unusual behavior

- Incorporate Cyber Threat Intelligence to identify compromised credentials and emerging access threats

- Track data movement patterns across networks
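The first point above, sketched as an added example (not taken from any of the organizations mentioned in this newsletter): a rolling-window check that flags accounts whose individually small transfers add up to a large outflow or fan out across many receiving institutions. All limits, account names and transactions are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration only.
PER_TXN_LIMIT = 1_000_000      # per-transfer alert threshold
WINDOW = timedelta(days=4)     # rolling look-back per source account
WINDOW_SUM_LIMIT = 5_000_000   # aggregate outflow tolerated per window
MAX_DEST_BANKS = 3             # distinct receiving institutions per window

def find_structuring(txns):
    """txns: iterable of (timestamp, source, dest_bank, amount).
    Returns {source: {"peak_total", "dest_banks", "reasons"}}."""
    windows = defaultdict(deque)
    alerts = {}
    for ts, src, bank, amount in sorted(txns):
        if amount >= PER_TXN_LIMIT:
            continue  # the existing per-transaction rule handles these
        win = windows[src]
        win.append((ts, bank, amount))
        while ts - win[0][0] > WINDOW:   # evict entries older than the window
            win.popleft()
        total = sum(a for _, _, a in win)
        banks = len({b for _, b, _ in win})
        reasons = set()
        if total > WINDOW_SUM_LIMIT:
            reasons.add("aggregate")
        if banks > MAX_DEST_BANKS:
            reasons.add("fan-out")
        if reasons:
            a = alerts.setdefault(src, {"peak_total": 0, "dest_banks": 0, "reasons": set()})
            a["peak_total"] = max(a["peak_total"], total)
            a["dest_banks"] = max(a["dest_banks"], banks)
            a["reasons"] |= reasons
    return {s: {**a, "reasons": sorted(a["reasons"])} for s, a in alerts.items()}

def sample_transactions():
    """Constructed data: ACCT-A drips 900k every 8h across five banks."""
    t0 = datetime(2024, 4, 1)
    txns = [(t0 + timedelta(hours=8 * i), "ACCT-A", f"BANK-{i % 5 + 1}", 900_000)
            for i in range(12)]
    txns += [(t0 + timedelta(days=5 * i), "ACCT-B", "BANK-1", 400_000) for i in range(3)]
    txns.append((t0, "ACCT-C", "BANK-2", 2_000_000))  # single large transfer
    return txns

if __name__ == "__main__":
    for acct, info in find_structuring(sample_transactions()).items():
        print(acct, info)
```

Only ACCT-A is flagged: no single transfer crosses the per-transaction limit, but the four-day total and the number of receiving banks both do.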

 

c. Comprehensive Data Protection: data protection requires multiple security layers:

- Data encryption at rest and in transit is non-negotiable

- Regular audits of data access and movement

- Clear data classification procedures

- Leverage Cyber Threat Intelligence to anticipate and mitigate evolving DDoS attack patterns

 

DDoS Attack Defense

a. Infrastructure and Partnerships: cooperation between telecom providers is key for protection from DDoS attacks.

- Network infrastructure must be designed with redundancy

- Organizations need excess bandwidth capacity

- Partnerships with DDoS mitigation providers and national cyber response teams are essential

- Leverage Cyber Threat Intelligence to anticipate and mitigate evolving DDoS attack patterns

 

Most importantly, these attacks demonstrate that cybersecurity isn't just an IT issue – it's a business survival issue. Going into 2025, organizations must view cybersecurity investment as essential infrastructure, not as an optional nice-to-have.

 

We wish you all a healthy, prosperous and safe 2025!

 

Sources:

- Attack on Telecom Namibia: https://thecyberexpress.com/telecom-namibia-cyberattack/

- Attack on Ghana Electric Company: https://www.ghanaweb.com/GhanaHomePage/business/ECG-lost-nearly-GH-500-million-due-to-ransomware-attack-Managing-Director-confirms-1948047

- Attack on the South Africa National Health Laboratory Service: https://therecord.media/south-africa-national-health-laboratory-service-ransomware-recovery

- Hack into the Bank of Uganda: https://itweb.africa/content/WnxpEv4YRKE7V8XL

- Breach into TransUnion South Africa: https://businesstech.co.za/news/business/763503/information-regulator-nails-transunion-for-massive-data-breach-in-south-africa/

- Flutterwave Nigeria Incident: https://techpoint.africa/2024/05/16/flutterwaves-11-billion-breach/

- Breach into MSEA Kenya: https://techwithmuchiri.com/micro-and-small-enterprise-authority-hacked/

- Attack on Ugandan Telecom Providers: https://itweb.africa/content/WnxpEv4YRKE7V8XL

- Data on increased rate of DDoS attacks in Africa in 2024: https://www.phishprotection.com/phishing/ddos-attacks-spike-as-africa-embraces-rapid-digitization