In this talk, I will provide a quick overview with regards ... · Russia. Today, South Africa is...


[1 min]

In this talk, I will provide a quick overview with regard to the African cyberspace (including broadband connectivity and the malware landscape). I will then share some anecdotal evidence on the impact of ransomware in Africa, and South Africa in general, and then close off by sharing some of my views on how we can arrest the scourge of malware and ransomware in Africa by cooperating with the global community. The reason we want to focus on malware and ransomware is that most attacks (95% of cyber breaches) are caused by malware.


Africa is a very unique and large continent. Its size is sometimes undermined by the world. It has a population of over a billion people living in about 57 countries with diverse cultures and languages. Although bigger, Africa’s GDP is only 2.6 trillion. Europe’s is 24 trillion and North America’s is 20.3 trillion (82% made up by the US). Incredible, isn’t it?

Introduce next slide: Although Africa is one of the biggest continents, we always lag behind on various issues when it comes to ICTs.


In 2009, broadband connectivity in Africa was very minimal, with only one undersea high-speed cable connecting many countries in Africa to the outside world. Mostly, African countries relied on slow satellite connectivity. Africa did not have equal connection compared to the rest of the world, and this is still the case in some other parts of the continent. By 2012, Africa was heavily connected after a lot of investment from telcos, and Internet access (services) also started to increase.

Currently, there are a quarter of a billion netizens in Africa who have access to the Internet. It is estimated that there are ½ a billion unique mobile mobiles, estimated at over 50% of the population numbers, and a 100% penetration is predicted by 2020. However, this is only a small fraction when compared to global Internet access.

Next Slide: Thus, Africa is regarded as the “Mobile First and Mobile Only” continent, with many netizens having contact with the Internet using mobile devices.


Mobile phones are bridging the digital divide in Africa. The poor and rich, those in the cities and those in the rural areas, can now have access to technology. Another interesting fact is that 52% of all live mobile money services are in Sub-Saharan Africa.

Next Slide: The rise of mobile devices has also led to the rise in cyber ills.


The increase in broadband connectivity has also led to an increase in cyber attacks. Reports indicate a 150% increase in cyber attacks in Africa between 2014 and 2015. And experts say that 31% of all attacks targeted small businesses, because they are ill-prepared to respond, never mind not even believing that there is something called cyber attacks.

Attacks in Africa vary from web defacements, to cause embarrassment to governments, to DDoS attacks and cyber crime using malware and ransomware. The continent is losing over R1 billion annually to cyber crime. In 2012, South Africa was in the top 3 of countries suffering from cybercrime, including China and Russia. Today, South Africa is the number 1 cyber-attacked country on the continent.


The terrible thing is that malware infection rates are high in Africa (Microsoft). Astonishingly, 80% of computers have one or more pieces of malicious code. Mobile ransomware has emerged as the biggest mobile security threat. Mobile banking malware has taken over, stealing users’ credentials and of course money.

Next slide: However, Africa is not alone – the malware battle is virtually LOST and new thinking is required from the malware defenders.


It is evident that the malware trend is increasing, and we (defenders) have practically lost the war against cyber criminals.

New variants of ransomware are being introduced on a regular basis to beat the defenders, who are always one step behind. It is reported by Infosecurity Magazine that about 430 million new malware variants were seen in 2015, with an increase of 35% in crypto-ransomware.

Research surveys suggest that 50% of organizations have had a ransomware incident over the last year. 40% pay the ransom – making it even more lucrative for cyber criminals to continue in their business. The number of users encountering ransomware continues to rise – currently sitting at R2.3m.


Cyber criminals need not be technical, as we see a number of Ransomware-as-a-Service platforms coming up where ordinary users can buy ransomware online.


Ransomware is prevalent and evenly distributed in Africa. However, on average ransomware infections are higher in Africa compared to what is found in other countries, especially when you consider the Internet penetration.


There are of course some attempts to deal with the ransomware problem, and one of them is the No More Ransom project. However, the challenge is that it only deals with past problems.


We (defenders) are doing something WRONG or we are NOT doing something RIGHT. Current solutions are not working as required… anti-virus tools are not handling the current problems well.


Even tools that are meant to protect us are buggy.


Most of the problems in cyberspace are said to be caused by hackers – the bad guys. But the reality is that the bad guys are only exploiting the cyber insecurity thinking of defenders, who like criminals are also after money, not necessarily resilient cybersecurity systems. There is no debate that the more code we write, the more our systems become faulty. The more complex they are, the more insecure they are. The graph on the screen shows the number of vulnerabilities discovered over the years… and all we see is exponential growth. Each device on average was running 28 known vulnerabilities. Devices were actively running known vulnerabilities for an average of 5.64 years. More than 9 percent have known vulnerabilities older than 10 years. Is this not crazy?


It is evident that the more time we spend on writing good quality code, the fewer problems we will have with our current software.


“Cybersecurity is all about power and only power”. Dan Geer (Black Hat, 2014).


Current cyber technologies cannot continue to be developed and deployed to the masses at will. Vendors need to start following standardization and verification processes. Today, we have the problem of vendors competing to beat each other on who gets the most insecure solution to the market first. The quick release of new software that has not been thoroughly tested is the biggest cause of the malicious cyberspace. If something has the potential of causing harm, it must be regulated.


Cybersecurity will always be exactly as bad as it can possibly be while allowing everything to still function or making some things optional to function. Dan Geer, in his keynote address at Black Hat 2014, said that “the only two products not covered by product liability today are religion and software, and software should not escape for much longer”. Vendors should be responsible for the harm that their products cause.

There is functionality that must not be allowed to be ON when causing harm to users. Secondly, software products must have functions that cannot just be turned on and off. A simple example: end-to-end encryption is always activated on the latest versions of WhatsApp. There is no way to turn off end-to-end encryption.


The cybersecurity perspective that we have these days is myopic, because it is only based on vendors’ perspective. We always lack the whole picture… thus it is important that cybersecurity failures are formally reported, just like it is the norm when it comes to crime, diseases, job numbers, births and deaths. If the cybersecurity community wants to operate in the “unregulated” environment, we must expect more and more unlawful activities.


It is evident that no one vendor, one country, or one continent can address most of the cybersecurity challenges. On the Internet, the logical borders make us one big cyber continent with few countries. Currently, attackers are always one step ahead, whilst defenders are always following behind. Criminals are collaborative; they share code and build malicious software together. Defenders do not do that…


For us to win the war on malware in cyberspace, we must invest more in forward engineering than in reverse engineering. We must start building better cybersecurity solutions that are also cyber-proof (to some extent). Let’s think like hackers and defend like ninjas. We must be proactive. Forward focused and continuously scouring for vulnerabilities, connecting dots, detecting variances and sifting through billions of events to build upon a base of actionable knowledge.”
