Cyber attacks in countries with low economic development


The idea that hackers only target the most industrially powerful countries is wrong. Certainly the United States, China and Europe are constantly at the centre of cyber attacks, but there are offensive scenarios that we hardly ever hear about and that are in full development.

Hacking a country’s economy

Cyber attacks must be understood as a phenomenon capable of damaging the economy of one or more companies, but also capable of disrupting the economic-political performance of a nation. One does not have to go too far to remember events such as the attack on the Colonial Pipeline that disrupted the American economy:

The cost of oil rose by 4% on the day of the attack, and by 1.5% the following day (Monday 10 May 2021)

Cyber attacks have multiple purposes and, paradoxically, damaging businesses is not the most relevant one; on the contrary, weakening the perception of a country’s economic and political security is one of the main ones. In the Obama-Trump election campaign, hacker attacks from China aimed to destabilise confidence in the Obama presidency, showing a weak America unable to defend itself. The term economy of a country means not only its profit capacity, its GDP, but also its politics, its government and its productive power, its reliability in the eyes of other nations. They are all intertwined: attacking one attacks the others.

The question therefore arises as to whether so-called developing countries suffer hacker attacks, how often and for what purpose these attacks take place. Before going any further, it is good to clarify the concept of ‘developing’. The United Nations uses the acronym LDC – Least Developed Countries – to identify those nations where industrialisation is much less present than in others, but not only that. The main characterising factors are: low income, scarcity of human resources (which includes factors such as nutrition, health, education and adult literacy), and economic vulnerability.

Cyber attacks in Africa

Africa belongs to the LDC countries, with 45 states including: Angola, Benin, Burkina Faso, Burundi, Chad, Comoros, Democratic Republic of Congo, Djibouti, Eritrea, Ethiopia, Gambia, Guinea, Guinea-Bissau, Lesotho, Liberia, Madagascar, Malawi, Mali, Mauritania, Mozambique, Niger, Rwanda, São Tomé and Príncipe, Senegal, Sierra Leone, Somalia, South Sudan, Sudan, Tanzania, Togo, Uganda, Zambia.

Despite the fact that in the West (especially in Italy) there is little public debate about Africa’s technological-industrial development, the continent is receiving many more attacks than in 2023: an interesting article on the Nigrizia portal entitled ‘Africa: cyber attacks on the rise’ cites data from Checkpoint, the renowned cybersecurity company.

This figure represents a deterioration of 37 per cent compared to the same period in 2023. Of the 112 countries analysed by Checkpoint, the worst affected in Africa were Ethiopia and Zimbabwe, followed by Angola and Kenya. South Africa ranked 61st, while out of the sample covered by Checkpoint, Egypt ranked last – and therefore first, in qualitative terms – at 112th.

It is a condition that is bound to worsen for several reasons, the first of which is that Africa is increasingly becoming the centre of interest for countries like China, which are busy extracting silicon and exploiting mineral deposits. As we learn from the Africa24.it website in the article ‘China’s ties with Africa’ by C. Volpi:

China’s Belt and Road Initiative (BRI), launched in 2013, has further intensified these ties, with 52 African countries joining the initiative. Today, China is Africa’s largest trading partner, with a significant share of African raw materials exported to China. […] China derives numerous benefits from its partnership with Africa. Firstly, access to key resources such as cobalt, platinum and coltan, which are crucial for the electronics industry, with China holding African refineries of rare earths and minerals essential for its emerging technology sector. Secondly, the alliance with Africa reinforces Chinese geopolitical aspirations, harnessing the African bloc at the UN General Assembly to influence resolutions on controversial issues and to gain support in international arenas. Against a backdrop of such technological, industrial and economic development, it is easy to imagine that hacking attacks will also gain momentum and increase in number and complexity.

Africa has been the target of an increasing number of cyber attacks since 2020. We could mention a few of them:

  • Sibanye-Stillwater (2024): a major mining company operating in South Africa was hit by a cyber attack that compromised its IT systems, causing disruption to business operations.
  • Anglo American Platinum (2023): a major mining company that was the target of cyber attacks that interfered with operations, highlighting the growing cyber threat in the African mining sector.
  • Gold Fields (2020): one of the world’s largest gold mining companies with operations in South Africa, suffered a cyber attack that temporarily halted production at some of its mines.

On the Sibanye-Stillwater case, there is an interesting article by Reuters that tries to take stock of the situation. For the case of Anglo American Platinum, we recommend reading the article on Mining.com by Henry Lazenby, ‘Crude Anglo American email highlights cyber-hack threat’.

The Transnet case

Transnet is a South African state-owned company that plays a crucial role in the management of the country’s transport infrastructure with over 50,000 employees. Established in 1990, Transnet is responsible for the management and development of major transport networks, including railways, ports and pipelines, which are essential for trade and logistics in South Africa and the surrounding region. Transnet operates through different divisions, each of which focuses on a specific aspect of transport:

  1. Transnet Freight Rail (TFR): is the division that manages the freight rail network and is one of the largest rail networks dedicated to freight transport on the African continent;
  2. Transnet National Ports Authority (TNPA): manages South Africa’s major ports, providing essential services for port operations and maritime logistics;
  3. Transnet Port Terminals (TPT): responsible for terminal operations in ports: facilitates the loading and unloading of goods, including containers, bulk and general cargo;
  4. Transnet Pipelines (TPL): operates the pipeline network that transports oil products and natural gas across the country, playing a crucial role in energy supply;
  5. Transnet Engineering (TE): provides maintenance and construction services for rolling stock, locomotives and other railway components.

It is therefore easy to deduce that Transnet is crucial to the South African and regional economy: its transport infrastructure supports the country’s mining, agricultural and manufacturing industries, facilitating the export of goods and the import of essential goods. Beyond that, Transnet plays a significant role in fostering regional economic integration and improving connectivity between Southern African countries. Transnet is therefore a cornerstone of the South African and regional transport infrastructure, with a significant impact on trade and economic development.

Transnet was the victim of a ransomware attack in July 2021 that resulted in a major breach of IT systems. The offensive was claimed by the ‘Death Kitty’ collective; hackers managed to infiltrate the company’s IT networks, disrupting daily operations and causing significant disruption including:

  • Disruption of port services: the IT systems of the ports operated by Transnet were affected, causing cargo loading and unloading operations to come to a halt. This led to significant delays in maritime trade and affected the supply chain;
  • Rail disruptions: rail operations were also affected, with disruptions in freight services impacting the South African economy;
  • Compromised internal communications: the ability to communicate within the company was compromised, making it difficult to coordinate emergency responses and restore normal operations.

On 29 July 2021, the Institute for Security Studies published a very interesting article by Denys Reva on hacker attacks against the transport company Transnet. Reva, in his article, explains:

The cumulative impact of the attack will certainly cause lasting damage to the economy, further weakening South Africa’s economic recovery from the COVID-19 pandemic. However, the actual severity of the incident is difficult to estimate, leaving experts to speculate on its nature, scale and consequences. […] The number of similar incidents in Africa is likely to increase as seaports seek to increase efficiency and effectiveness through digitisation.

The case of Congo

In 2023, NetScout conducted a study on the incidence of DDoS attacks in the Congo. Before going any further, it should be made clear that it is very difficult to get reliable and up-to-date information from these countries. Congo is experiencing constant difficulty in dealing with an increasing number of DDoS attacks, so it is best to give some numerical references to put the phenomenon in context:

Maximum bandwidth occupation | 2.37 Gbps
Maximum throughput | 5.5 Mpps
Average duration | 10 minutes
Frequency of attack | 335 attacks/year

DDoS in the Congo recorded by NetScout in 2023

To the layman’s eye these figures do not seem that relevant, but consider that while Congo experienced a DDoS attack with a bandwidth occupancy of 2.37 Gbps, Amazon Web Services (in 2020) had to handle an attack of 2.3 Tbps. In order to provide a simplified view for the inexperienced, we round the figures down and apply Gbps as the unit of measurement, resulting in the following:

Congo (Gbps) | Amazon Web Services (Gbps)
2 | 2,000

Exemplifying the comparison between the attack in Congo and that suffered by AWS

It is striking to note the abysmal difference between these figures, but it is equally important to put the phenomenon in context. To be able to counter a 2 Gbps DDoS attack, one needs infrastructure and equipment that is hard to find in Congo. Amazon, on the other hand, enjoys technological resources that far exceed those used by Congo.

In Europe, the increasing number of DDoS attacks is also managed through collaboration between the ISPs of the various countries. This collaboration has not yet been fully established, but it has made it possible to implement effective strategies that have protected world-class events such as the Eurovision Song Contest. There is still a lot of work to be done, but the situation in Europe is not even close to the condition in which many countries around the world, including Congo, find themselves.

Yet Congo is home to key mines of coltan, which contains tantalum, used in electronics for capacitors and mobile phone components, and cobalt (of which Congo is one of the world’s largest producers), which is essential for rechargeable batteries, such as those in electric vehicles. The paradox is that one of the most important places for the economic development of the world’s powers is also one of the least digitally protected. As production increases, levels of digitisation tend to increase with it, and it is therefore a foregone conclusion that offensive phenomena on the ground will also increase.

Conclusions

It is not only Africa that is affected by a significant increase in hacker attacks: according to the Ransomfeed platform, attacks recorded over the years for the countries below have increased dramatically (see Australia as an example).

Country | 2022 | 2023
Argentina | 11 | 30
Australia | 20 | 117
Brazil | 16 | 94
Chile | 4 | 14
India | 6 | 83
Malaysia | 2 | 26
Thailand | 7 | 41
UAE | 2 | 29

Ransomware increase between 2022 and 2023. Source: Ransomfeed.com

If countries like the United States, France, Great Britain, and China cannot protect their computer systems from ransomware attacks, how will LDC countries be able to do so? The industrial, political and social development of these countries is directly linked to cyber security and data protection. It is therefore good to bear in mind that these territories are equally subject to cyber attacks, just like other nations. Although they may seem much less impactful in number and scope, it must be borne in mind that the effects are proportional to the security measures available, and these are often very limited if not entirely inadequate to cope with the growing offensive phenomenon.