Eight African countries among the most targeted, with Ethiopia retaining top spot as cybercriminals continue to exploit legitimate platforms to evade detection and establish persistence
Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a pioneer and global leader of cyber security solutions, has released its Global Threat Index for February 2025, highlighting the rise of AsyncRAT, a remote access Trojan (RAT) that continues to evolve as a serious threat within the cyber landscape.
Once again, Ethiopia retained its top spot as the country most targeted by malware actors, followed by Zimbabwe, Uganda, Nigeria, Angola, Kenya, Mozambique and Ghana, all among the Top 20 most targeted countries. South Africa was ranked 59th with a Normalised Risk Index of 40, down from 66th last month.
Security researchers have observed that AsyncRAT is being utilised in increasingly sophisticated campaigns, leveraging platforms like TryCloudflare and Dropbox to distribute malware. This reflects the growing trend of exploiting legitimate platforms to bypass security defenses and ensure persistence across targeted networks. The attacks typically begin with phishing emails containing Dropbox URLs, leading to a multi-step infection process involving LNK, JavaScript, and BAT files.
Maya Horowitz, VP of Research at Check Point Software, commented, "Cybercriminals are leveraging legitimate platforms to deploy malware and avoid detection. Organisations must remain vigilant and implement proactive security measures to mitigate the risks of such evolving threats."
African countries featured in the top 20 are:
Threat Index Per African Country
Ethiopia remains in 1st place with a Normalised Risk Index of 100.
Zimbabwe was ranked 6th, with its Normalised Risk Index dropping from 77,7 to 74,8.
Uganda was ranked 9th with a Normalised Risk Index of 64,8.
Nigeria was ranked 10th moving from position 11 with a Normalised Risk Index of 63,1.
Angola was ranked 11th with a Normalised Risk Index of 62,6.
Kenya was ranked 13th with a higher Normalised Risk Index of 61,1.
Mozambique was ranked 14th with a Normalised Risk Index of 60,3.
Ghana remained in 16th position with a Normalised Risk Index of 59,4.
Egypt was once again the best performing country in Africa out of the 109 surveyed in the Index. Sitting at position 107, its Normalised Risk Index decreased significantly to 25,9 from 31,1 the previous month.
"The cyber security landscape in South Africa reflects the broader challenges facing Africa. With increasing digital transformation in critical sectors such as finance, education, and government, we are also witnessing a sharp rise in sophisticated cyber threats," says Lionel Dartnall, SADC Country Manager, Check Point Software Technologies.
Top Malware Families
The arrows indicate the change in rank compared to the previous month. FakeUpdates was the most prevalent malware in February, closely followed by Androxgh0st and Remcos, all impacting 3% of organisations worldwide.
↔ FakeUpdates – FakeUpdates (AKA SocGholish) continues to dominate, delivering secondary payloads through drive-by downloads on compromised or malicious websites. This malware is often linked to the Russian hacking group Evil Corp and remains a significant threat for organisations globally.
↑ Androxgh0st – Androxgh0st, a Python-based malware targeting Laravel applications, has risen in the ranks. It scans for exposed .env files, often containing sensitive information such as login credentials, which it then exfiltrates. Once access is gained, additional malware can be deployed, and cloud resources can be exploited.
↔ Remcos – Remcos, a Remote Access Trojan (RAT), remains a top malware strain, frequently used in phishing campaigns. Its ability to bypass security mechanisms, such as User Account Control (UAC), makes it a versatile tool for cybercriminals.
↑ AsyncRAT – AsyncRAT is a remote access Trojan (RAT) that targets Windows systems and was first identified in 2019. It exfiltrates system information to a command-and-control server and can execute various commands, such as downloading plugins, terminating processes, capturing screenshots, and updating itself. Typically distributed through phishing campaigns, AsyncRAT is utilised for data theft and system compromise.
↑ AgentTesla – AgentTesla is an advanced RAT (remote access Trojan) that functions as a keylogger and password stealer. Active since 2014, AgentTesla can monitor and collect the victim's keyboard input and system clipboard, record screenshots, and exfiltrate credentials entered for a variety of software installed on the victim's machine (including Google Chrome, Mozilla Firefox, and Microsoft Outlook email client). AgentTesla is openly sold as a legitimate RAT, with customers paying $15 - $69 for user licenses.
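One defensive check for the .env probing attributed to Androxgh0st above: an added example (not Check Point's code) that parses constructed web-server access-log lines, flags requests for .env files under any path, and separates blocked scans from cases where the file was actually served. The log lines, IPs and timestamps are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Feb/2025:10:01:02 +0000] "GET /.env HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Feb/2025:10:01:03 +0000] "GET /api/.env HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Feb/2025:10:01:04 +0000] "GET /.env.bak HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Feb/2025:10:02:10 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Feb/2025:10:03:00 +0000] "GET /laravel/.env HTTP/1.1" 403 0 "-" "curl/8.0"
192.0.2.9 - - [12/Feb/2025:10:04:00 +0000] "GET /environment.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
# ".env" as a whole path component, optionally suffixed (.env.bak, .env.local);
# does not match unrelated names such as /environment.html.
ENV_PATH_RE = re.compile(r'(?:^|/)\.env(?:\.[\w-]+)*(?:\?|$)', re.IGNORECASE)

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry

def find_env_probes(log_text):
    """Return parsed entries whose request path targets a .env file."""
    return [e for e in (parse_line(l) for l in log_text.splitlines())
            if e and ENV_PATH_RE.search(e["path"])]

def summarize(probes):
    """Per source IP: probe count and whether any .env request got HTTP 200.
    A 200 means the file was actually served, i.e. likely credential exposure,
    and should be triaged as an incident rather than a blocked scan."""
    summary = defaultdict(lambda: {"probes": 0, "served": False})
    for p in probes:
        summary[p["ip"]]["probes"] += 1
        if p["status"] == 200:
            summary[p["ip"]]["served"] = True
    return dict(summary)

if __name__ == "__main__":
    for ip, s in summarize(find_env_probes(SAMPLE_LOG)).items():
        verdict = "EXPOSED (.env served)" if s["served"] else "scan only (not served)"
        print(f"{ip}: {s['probes']} .env probe(s), {verdict}")
```

Any source whose probe was served with HTTP 200 warrants rotating the credentials held in that .env file, not just blocking the IP.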
Top Mobile Malware
↔ Anubis – Anubis continues to rank as the top mobile malware. It remains a significant banking trojan, capable of bypassing multi-factor authentication (MFA), keylogging, and performing ransomware functions.
↑ Necro – Necro, a malicious Android downloader, has moved up in rank. It allows cybercriminals to execute harmful components based on commands from its creators, enabling a range of malicious actions on infected devices.
↓ AhMyth – AhMyth, a remote access trojan (RAT) targeting Android devices, has slightly decreased in prevalence. It remains a significant threat due to its ability to exfiltrate sensitive information such as banking credentials and MFA codes.
Top-Attacked Industries Globally
Education
Telecommunications
Government
Top Ransomware Groups
Clop remains the most prevalent ransomware group, responsible for 35% of the published attacks. It is followed by RansomHub and Akira.
Clop – Clop continues to be a major player in the ransomware space, utilising the "double extortion" tactic to threaten victims with the public release of stolen data unless a ransom is paid.
RansomHub – A prominent Ransomware-as-a-Service (RaaS) operation, RansomHub emerged as a rebranded version of Knight ransomware. It has quickly gained notoriety for its sophisticated and widespread campaigns targeting various systems, including Windows, macOS, and Linux.
Akira – Akira, a newer ransomware group, focuses on targeting Windows and Linux systems. The group has been linked to phishing campaigns and exploits in VPN endpoints, making it a serious threat for organisations.
For the full February 2025 Global Threat Index and additional insights, visit the Check Point blog.
Follow Check Point via:
LinkedIn: https://www.linkedin.com/company/check-point-software-technologies
X: https://www.twitter.com/checkpointsw
Facebook: https://www.facebook.com/checkpointsoftware
Blog: https://blog.checkpoint.com
YouTube: https://www.youtube.com/user/CPGlobal
About Check Point Research
Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyzes global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading AI-powered, cloud-delivered cyber security platform provider protecting over 100,000 organisations worldwide. Check Point leverages the power of AI everywhere to enhance cyber security efficiency and accuracy through its Infinity Platform, with industry-leading catch rates enabling proactive threat anticipation and smarter, faster response times. The comprehensive platform includes cloud-delivered technologies consisting of Check Point Harmony to secure the workspace, Check Point CloudGuard to secure the cloud, Check Point Quantum to secure the network, and Check Point Infinity Core Services for collaborative security operations and services.
Legal Notice Regarding Forward-Looking Statements
This press release contains forward-looking statements. Forward-looking statements generally relate to future events or our future financial or operating performance. Forward-looking statements in this press release include, but are not limited to, statements related to our expectations regarding future growth, the expansion of Check Point's industry leadership, the enhancement of shareholder value and the delivery of an industry-leading cyber security platform to customers worldwide. Our expectations and beliefs regarding these matters may not materialize, and actual results or events in the future are subject to risks and uncertainties that could cause actual results or events to differ materially from those projected. The forward-looking statements contained in this press release are also subject to other risks and uncertainties, including those more fully described in our filings with the Securities and Exchange Commission, including our Annual Report on Form 20-F filed with the Securities and Exchange Commission on April 2, 2024. The forward-looking statements in this press release are based on information available to Check Point as of the date hereof, and Check Point disclaims any obligation to update any forward-looking statements, except as required by law.