Just last week an African Union cybersecurity group listed serious cyber issues affecting Africa and on top of the list was the vital role of mobile technology, software issues, signaling, and the users themselves. This was in a Zoom Webinar organized by the African Union Commission “Webinar on Cybersecurity in Africa: Rising for the new challenge”.
The panelist viewed the technology assets amid the covid-19 ‘pandemic, as businesses and governments are increasingly relying on digital technologies’ ushered into ‘corresponding growth in vulnerability to attacks, misinformation, and fraud.’
And Africa has not been spared given the technology readiness to support the new normal including remote working which is nonexistent.
The vulnerabilities have increased even with insider threats and the rise of business email security phishing scams. That too is coupled with mobile device scams such as the prevalent Mobile Money scams in Zambia. Mobile money users are frequently tricked by sending money to unknown agents in the name of helping a stranded colleague.
Cyber Issues In Africa
Summarising on the list of the cyber security issues affecting Africa are
Open DNS, Open SNMP, Open Recursive DNS, Open NTP
- Increase of lot devices added to Botnets
- Mobile devices without OS update/cannot received OS updates
- User data exposure
- Lack of basic hygiene
- Lack of awareness, use of BCOP for network operations or secure design
- 2G, 3G and old telecoms technologies are still in use in most part of Africa.
- Call tapping attempts are successful
- Bypass of SS7 firewall and protection. SS7 is a common channel signaling system used in international and local telephone networks.
- SMS messages intercept. I remember one time a number i administered was vulnerable to these intercepts. Been the administrator i requested a SIM SWOP after an employee left but to my surprise, I was able to use the SIM while i could see communication from the original user.
- High-risk vulnerabilities in every application audited. Insecure Facebook apps that gain access to your mobile device
- Licensing issues (unlicensed Microsoft Office, Adobe Reader Pro, and conflicting licenses, including the right to use etc…)
- Using Components with known vulnerabilities, outdated open-source components