Africa has become the most targeted region globally for cyber-attacks in the first quarter of 2025, according to new research from Check Point Software Technologies.
The company’s Q1 2025 Global Cyber Attack Report reveals a steep rise in malicious activity as the continent continues to accelerate its Digital transformation.
Ethiopia emerged as the most targeted country in Africa during the reporting period. FakeUpdates ranked as the most common malware, while 80% of malicious files across the continent were delivered via e-mail. In contrast, 62% of threats in SA were distributed via the web.
On average, organisations in Africa faced 3 325 cyber-attacks per week – a staggering 72% above the global average of 1 938 attacks per organisation.
Check Point Software unpacked the findings at a media roundtable in Johannesburg. Eli Smadja, global research group manager at Check Point, provided a detailed overview of Africa’s evolving cyber threat landscape, which he said is increasingly defined by AI-powered threats, ransomware, infostealers, edge device vulnerabilities and cloud-based risks.
Among the most concerning developments was the discovery of a previously undocumented multi-stage backdoor, dubbed Stealth Soldier, currently being deployed in cyber operations targeting North African government entities. The malware forms part of a broader command-and-control infrastructure used in spear-phishing campaigns.
Smadja noted a growing trend in malware designed to bypass AI detection systems.
“These aren’t aimed at advanced large language models (LLMs), but rather at lower-level ones,” he said. “It’s about LLM evasion – fooling the AI and manipulating prompts.”
Despite the increasing use of AI in cyber security, Smadja cautioned against over-reliance on AI-driven defence systems. “AI still requires human prompting.”
Check Point is advocating for a zero trust model and a holistic, automated and consolidated approach to cyber security. This includes centralised threat visibility and simplified controls to protect against ransomware, phishing, data theft and vulnerabilities at the edge.
“Just having something at the perimeter isn’t enough,” Smadja said. “Cyber-attacks are not just targeting PCs or servers anymore. For instance, we’ve seen state-sponsored attacks aimed at fuel pumps to disrupt national supply chains.”
He highlighted the importance of understanding external risk – threats originating outside the organisation – especially as AI-driven ransomware and attacks on third-party service providers continue to rise.
“Printers, for example, are a major attack vector,” he added. “They’re often network-connected, and threat actors can exploit them to gain broader access.”
Credentials, Smadja noted, are also a lucrative commodity on the dark web, often selling for around $500.
