Kaspersky’s security data for corporate clients shows that the number of backdoor computer malware attacks in South Africa, Kenya, and Nigeria reached record highs in the second quarter of 2022.
This caused new problems for enterprise and government agency cybersecurity professionals.
What is the Backdoor virus?
One of the most dangerous kinds of malware is a backdoor. Backdoors give online fraudsters remote access to a victim’s computer. Unlike legitimate remote administration tools, backdoors are installed, launched, and used without the user’s knowledge or permission. Once installed, backdoors can be instructed to send, receive, execute, and delete files, collect private information from computers, log activity, and more.
Threat actors can maintain permanent, update-resistant, and somewhat stealthy access to the IT infrastructure of a targeted organisation thanks to the SessionManager backdoor. Once hackers have gotten into the victim’s system, they can use backdoors to look at business emails, add more malicious software to the system, or run compromised servers in the background that can be used as malicious infrastructure.
SessionManager’s low detection rate is one of its distinguishing characteristics. When Kaspersky researchers found the first backdoor samples in early 2022, most well-known online file scanning services had not yet marked them as dangerous. According to an Internet scan by Kaspersky, SessionManager is still in use in more than 90% of the targeted organisations.
SessionManager was a hard-to-find backdoor that Kaspersky recently found to target international NGOs and governments. This backdoor was installed as a malicious module in Microsoft’s widely used Internet Information Services (IIS) web server. SessionManager makes it possible for many bad things to happen, like collecting emails and taking complete control of the victim’s infrastructure.
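Because SessionManager is described above as a malicious IIS module, reviewing which native modules a server loads is a practical check. The following is an added example, not code from Kaspersky or from the original article: it parses the `<globalModules>` section of IIS's `applicationHost.config` (normally under `%windir%\System32\inetsrv\config\`) and flags modules whose image lies outside an allowlist of directories. The allowlist, the sample configuration and the module name `ExampleSessionModule` are constructed assumptions.

```python
import ntpath
import xml.etree.ElementTree as ET

# Assumption: directories native IIS modules are expected to load from on this
# host. Build the real list from a known-good baseline of your own servers.
TRUSTED_DIRS = (
    r"%windir%\system32\inetsrv",
    r"%windir%\microsoft.net\framework64\v4.0.30319",
)

# Constructed sample of applicationHost.config; "ExampleSessionModule" and its
# path are invented for this illustration.
SAMPLE_CONFIG = r"""
<configuration>
  <system.webServer>
    <globalModules>
      <add name="HttpCacheModule" image="%windir%\System32\inetsrv\cachhttp.dll" />
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="ManagedEngineV4.0_64bit"
           image="%windir%\Microsoft.NET\Framework64\v4.0.30319\webengine4.dll" />
      <add name="ExampleSessionModule" image="C:\inetpub\temp\example_module.dll" />
      <add name="NoImageModule" />
    </globalModules>
  </system.webServer>
</configuration>
"""

def normalize(path):
    """Lower-case, unify separators and collapse '..' so paths compare reliably."""
    return ntpath.normpath(path.strip().replace("/", "\\")).lower()

def audit_global_modules(config_xml, trusted_dirs=TRUSTED_DIRS):
    """Return (name, image, reason) for every native module that needs review."""
    trusted = {normalize(d) for d in trusted_dirs}
    findings = []
    root = ET.fromstring(config_xml)
    for section in root.iter("globalModules"):
        for entry in section.findall("add"):
            name = entry.get("name", "<unnamed>")
            image = entry.get("image")
            if not image:
                findings.append((name, None, "no image path recorded"))
            elif ntpath.dirname(normalize(image)) not in trusted:
                findings.append((name, image, "image outside trusted directories"))
    return findings

if __name__ == "__main__":
    for name, image, reason in audit_global_modules(SAMPLE_CONFIG):
        print(f"REVIEW {name}: {image} ({reason})")
```

A path check alone does not catch a module placed inside a trusted directory, so pair it with a comparison of file hashes or signatures against your own known-good baseline.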
When did the virus first appear in Africa, and where did it have the most significant effect?
This backdoor was first used in March 2021 and affected NGOs and government organisations in Africa, South Asia, Europe, and the Middle East. Many of the targeted organisations are still in danger.
From Q1 to Q2, the number of backdoors found in South Africa went up 140%, to 11,872, and the number of users affected went up by 10%. Nigeria came in second. The number of backdoors there rose by 83% to 2,624, and the number of affected users rose by 24%. In Kenya, the number of detections rose to 10,300 in the second quarter (53% more than in the first), and the proportion of users affected by backdoors rose by 11%.
Backdoors allow for a succession of long-running, undetected cyber espionage operations that can disrupt the victim organisation’s operations and cause considerable financial or reputational losses. According to Dr Amin Hasbini, head of the Global Research and Analysis Team (GReAT) for the Middle East, Turkey, and Africa region at Kaspersky, corporate systems should be routinely reviewed and vigilantly watched for hidden risks.
The Kaspersky Anti-Targeted Attack platform is an all-encompassing endpoint detection and response solution that offers comprehensive threat intelligence capabilities and defence against sophisticated and targeted attacks. Cybersecurity experts can see everything on the network, the web, in email, PCs, laptops, servers, and virtual machines in public clouds.
How can the virus be prevented?
To defend their assets from backdoor malware, companies must learn about current cyber threats. Threat intelligence is the only tool that can reliably and promptly predict sophisticated backdoors.
Kaspersky experts also advise that following these measures will safeguard your organisation from backdoors:
Detecting lateral movements and data exfiltration to the Internet should be the main focus of your defensive plan. Pay close attention to outgoing traffic to spot connections cybercriminals use.
Back up data regularly. Be sure you can reach the backups immediately in an emergency.
Use a program with enhanced EDR like Kaspersky Anti-Targeted Attack, which can detect and thwart backdoor assaults early on before the attackers succeed in their objectives.
Use a trustworthy endpoint security program like Kaspersky Endpoint Security for Business (KESB), which has exploit prevention, behavioural detection, and a remediation engine that can undo harmful actions. Additionally, KESB has protection systems that can stop cybercriminals from removing it.
About Kaspersky
Founded in 1997, Kaspersky is a multinational cybersecurity and digital privacy company. Kaspersky’s extensive threat intelligence and security know-how are continually turned into cutting-edge security solutions and services that benefit consumers, governments, businesses, and vital infrastructure worldwide. As part of its security services, the company offers maximum endpoint protection and several specialised security solutions and services to fight sophisticated and new online threats. Kaspersky products protect more than 400 million people, and the company works with more than 240,000 businesses to protect their most important assets.