Analysis Summary

A major ransomware attack against Namibia's telecoms operator late last year became a public representation of the convergence of two regional trends: the rise in ransomware threats and the escalation of attacks on vital infrastructure.

Telecom Namibia informed consumers last month that personal data was exposed online as a result of a successful attack by the ransomware-as-a-service (RaaS) group Hunters International. The business is collaborating with law enforcement and outside incident responders to find more information. Although additional assessments have proven that some customer data was exposed, it initially seemed that no sensitive information was compromised. About three weeks ago, the threat was controlled, and additional attacks on the systems and third parties were avoided. However, the company refused to negotiate payment of any ransom demands, so the exposed information was posted on the dark web.

Namibia is not the only country that has been targeted by cybercriminals looking to make money off of compromised infrastructure systems. A ransomware attack on South Africa's National Health Laboratory Service (NHLS) in June caused system disruptions, erased backups, and prolonged recovery times for the government-run network of medical testing labs. Hunters International stole about 18GB of Kenyan Urban Roads Authority (KURA) data in July. The Nigerian Computer Emergency Response Team (ngCERT) issued a warning that same month, saying that the Phobos RaaS group had successfully compromised at least one of the crucial cloud services used by the nation's enterprises.

According to data from a cybersecurity company in the region, ransomware was responsible for one-third of all successful attacks in the region, including attacks on industrial organizations in Egypt and South Africa throughout the year and on energy company Eneo in Cameroon in January 2024. Ten percent of successful attacks were in the manufacturing and telecommunications industries. Rapid digital transition, geopolitical unrest, and insufficient cybersecurity safeguards for vital infrastructure are some of the causes of these attacks. Sectors like telecoms are particularly appealing targets for cybercriminals looking to profit financially or conduct cyber espionage due to the growing volume of user data and developing digital networks.

The tendency will persist in 2025 since the adoption of cybersecurity measures is still lagging behind the quick digitization of various businesses. As a result, there is an increasing yet still vulnerable attack surface area. Cybercriminals and APT groups will continue to target industries including manufacturing, telecommunications, and energy because geopolitical goals, data theft, or financial gain drive them.

Impact

• Information Exposure
• Financial Loss
• Sensitive Data Theft
• Cyber Espionage

Remediation

• Regularly update all software and systems to ensure vulnerabilities are patched promptly.
• Implement robust email filtering to block phishing attempts that may deliver initial infection loaders.
• Utilize advanced endpoint detection and response (EDR) tools to identify and block suspicious activities.
• Conduct regular security audits and vulnerability assessments to identify and mitigate potential security gaps.
• Employ least privilege principles, ensuring users and applications have the minimum necessary access rights.
• Enable multi-factor authentication (MFA) to add a layer of security to user accounts.
• Monitor network traffic for unusual activities that could indicate the presence of malware or unauthorized access.
• Educate employees on recognizing phishing emails and safe online practices to reduce the risk of initial infection.
• Establish and test incident response plans to ensure rapid containment and recovery in the event of ransomware.
• Never trust or open links and attachments received from unknown sources/senders.
• Implement multi-factor authentication to add an extra layer of security to login processes.