SOCRadar’s “Africa Threat Landscape” report provides a clear overview of the current cyber challenges in Africa, revealing a high volume of diverse malicious activity on the dark web. Here are the key takeaways:

  • Sale of Stolen Data Tops the List: More than 56% of activity on the dark web involves the sale of data, particularly personal, financial, and corporate databases (accounting for nearly 70% of threats). This data fuels identity theft, fraud, and large-scale attacks.
  • Information sharing and the access market: 39% of activities involve sharing information, while 22% involve selling access to systems, facilitating the deployment of ransomware or intrusions.
  • A wide variety of ransomware groups: 74% of activity is attributed to unidentified actors or “others,” reflecting a fragmented landscape characterized by small, short-lived campaigns. Among the known groups, RansomHub, FunkSec, and KillSec are active but relatively few in number.
  • Sophisticated phishing: The majority of phishing pages use HTTPS (80%) to deceive victims. Generic titles such as “My Site” (24%) are most common, but targeted attempts on platforms like Telegram are also widespread.
  • A worrying trend: The apparent security of HTTPS sites has become the norm, making detection more difficult. There is an urgent need to adopt advanced defense strategies.

Key recommendations for CISOs:

  • Deployment of dark web monitoring tools
  • Strengthening resilience against ransomware (backups, testing)
  • Phishing detection and increased awareness
  • Enhanced protection of sensitive data (MFA, encryption, access control)
  • Securing critical infrastructure
  • Sharing information with partners and authorities

The African cybersecurity landscape is characterized by a multitude of small players operating in a highly dynamic environment. Collaboration, technological innovation, and vigilance remain our greatest assets in anticipating and countering these threats.

HTBS Africa is here to help you:

  • Identify the critical areas of your network
  • Implement detailed, fast, and scalable segmentation
  • Reduce your attack surface without compromising performance