Africa Relinquishes Cyberattack Lead to Latin America — For Now - Dark Reading

Threat IntelligenceCyber RiskCyberattacks & Data BreachesEndpoint SecurityNewsBreaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia PacificAfrica Relinquishes Cyberattack Lead to Latin America — For NowThe volume of cyberattacks targeting Africa declined in the past year, with weekly attacks down 22%, as attackers seemingly shifted their focus to other regions.Robert Lemos,Contributing WriterApril 23, 20264 Min ReadSource: Ground Picture via ShutterstockAfrican organizations have seen fewer cyberattacks so far in 2026, compared to the previous year, as cybercriminal and espionage activity shifts to other regions, such as Latin America, according to experts.African organizations encountered an average of about 2,700 attacks per week in the first quarter of 2026, down 22% from the nearly 3,500 threats per week seen by organizations the year before, according to data from cybersecurity firm Check Point Software Technology. Despite the decrease, African organizations continue to see a higher intensity of attacks than the global average of 2,000 attacks per week, Check Point stated in its "March 2026 Cyber Threat Landscape" report.African organizations are improving in their cybersecurity preparations, just as cyberattackers are focusing elsewhere, giving the region somewhat of a respite, says Sergey Shykevich, threat intelligence group manager at Check Point Research.Related:Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks"We are seeing a continued trend in Africa, which began in 2025, of stabilization in the number of attacks, while in other regions we see continued increase," he says. "The change in 2026 [is] both about [a] shift in attackers' targeting and improvement in cyber security maturity in Africa."The African threat landscape is quickly shifting, as cybercriminal syndicates move operations to the continent and nation-states continue to target government agencies and communications. Criminals have, for example, quickly shifted to targeting African organizations with cybercrimes, accounting for more than 30% of all reported crimes in both East and West Africa, according to Interpol's "2025 Africa Cyberthreat Assessment Report."In mid-2025, cyber attacks targeting Africa and the Asia Pacific regions started slowly declining, with other global regions seeing a trend of slowly increasing attacks. By the end of the year, Latin America overtook Africa as the riskiest region.Different Countries, Different TrendsWhile Africa has seen an overall decrease in attacks, different countries experienced the trend differently, Check Point researchers say. Kenya and Morocco both experienced drops of more than half, while other countries, such as Ethiopia, saw significant (29%) increases in attacks. Nigeria saw the most cyberattacks in 2025 — averaging 4,200 attacks per week per organization — but the country's organizations saw 12% fewer attacks in March, according to data from Check Point's researchers. Africa organizations are seeing 22% fewer cyberattacks compared to 2025. Source: Check Point ResearchThe greatest declines in attack frequency were in the exploitation of vulnerabilities and the execution of distributed denial-of-service (DDoS) attacks, the firm stated.Related:Tropic Trooper APT Takes Aim at Home Routers, Japanese TargetsIn some cases, cyberattackers are seeing high-value sectors in Latin America as more promising targets, particularly healthcare and government, according to Check Point's report. Latin America holds the dubious honor of the most popular target of cyberattackers, with 3,050 weekly attacks."Many parts of Latin America are undergoing rapid digitalization, but this is not always matched by increased investment in cybersecurity, leaving gaps that attract a range of attackers," says Check Point Research's Shykevich. "Ongoing geopolitical shifts in the region are also driving nation-state actors to invest more resources in targeting countries across Latin America for espionage purposes."Data Still UnclearOther cybersecurity firms see a slightly different picture. Africa may be seeing fewer attacks of some types, but not across the board, according to data from cybersecurity firm Kaspersky Lab. African users continued to be affected the most by on-device threats, with 41% of machines affected by some sort of malware, adware, or unwanted programs, while 30% of Latin American users were affected by similar threats.The dynamics of "specific threat types ... can diverge across regions: the detections for one type of threat may be increasing while another is simultaneously declining," says Marc Rivero, lead security researcher with Kaspersky’s Global Research & Analysis Team (GReAT). Kaspersky Lab worked with AFRIPOL over the past six months to train law-enforcement officers from 23 different countries in cybersecurity, security operations center (SOC) activities, and how to conduct threat hunting and investigations.Related:Russia's Forest Blizzard Nabs Rafts of Logins via SOHO RoutersWhether Africa will continue to see a decline is a question mark.While Check Point's report documents "a meaningful annual decline in Africa ... on its own, it is insufficient to determine whether this is a durable structural shift or a temporary fluctuation," says Ian Van Rensburg, head of security engineering for Africa at Check Point Software.He pointed to ransomware as an example of a threat that has not shifted to heavily targeting African organizations. Currently, 55% of ransomware targets companies and institutions in North America, while African organizations only account for 2% of the attacks."Ransomware remained heavily concentrated in the US and other Western markets," he says, "suggesting that Africa was not a major published victim cluster in this dataset."Read more about:DR Global Middle East & AfricaAbout the AuthorRobert LemosContributing WriterRob is an award-winning, veteran technology journalist of more than 30 years, reporting on global cybersecurity issues, the latest offensive and defensive technologies, malware incidents, cyber conflict, and AI's impact on software and cybersecurity. A former research engineer, Rob has written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. He has received five awards for journalism, including Best Deadline Journalism (Online) in 2003 for his coverage of the Blaster worm. Rob also analyzes data on various trends using Python and R for both his reporting and his clients. Recent reports include analyses of the shortage in cybersecurity workers, annual vulnerability trends, and annual threat reports.Rob holds degrees from Cornell University in Electrical Engineering and Computer Science (double major).See more from Robert LemosWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Organizations Are Managing Incident ResponseHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyEssential News & Insights from Black Hat USA 2025How Enterprises Are Harnessing Emerging Technologies in CybersecurityAccess More ResearchWebinarsBuild vs. Buy: The Hidden Cost of Building Your Own AI Security StackDefending in the Shadow Era: When the CVE Feed Goes DarkBuilding SecOps That Make the Most of Every DollarAI-Powered Credential Security: Intelligence Without ExposureAI-Powered Cybersecurity for Resource-Constrained OrganizationsMore WebinarsEditor's ChoiceCybersecurity Operations20 Leaders Who Built the CISO Era: 2 Decades of Change20 Leaders Who Built the CISO Era: 2 Decades of ChangebyDark Reading Editorial TeamMay 12, 202641 Min ReadApplication SecurityIt's Patch Tuesday for Microsoft & Not a Zero-Day In SightIt's Patch Tuesday for Microsoft & Not a Zero-Day In SightbyJai VijayanMay 12, 20265 Min ReadWant more Dark Reading stories in your Google search results?Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeRSAC 2026: key news & insightsAt RSAC 2026, Dark Reading captured critical intelligence on AI, new attack methods, geopolitics, and much moreGet Your RecapWebinarsBuild vs. Buy: The Hidden Cost of Building Your Own AI Security StackThurs, June 25, 2026, at 1pm ESTDefending in the Shadow Era: When the CVE Feed Goes DarkTues, June 16, 2026 at 1pm ESTBuilding SecOps That Make the Most of Every DollarThurs, July 9, 2026 at 1pm ESTAI-Powered Cybersecurity for Resource-Constrained OrganizationsThurs, June 18, 2026, at 1pm ESTAI-Powered Credential Security: Intelligence Without ExposureWed, June 17, 2026, at 1pm ESTMore WebinarsBlack Hat USA | Mandalay Bay, Las VegasThe premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.GET YOUR PASS