‘Dark AI’ and the New Face of Cybercrime in Africa — Kaspersky’s Benjamin Okolie Explains

As cyberthreats grow more complex and relentless, Africa’s digital ecosystem is facing a new wave of sophisticated attacks. From AI-driven phishing campaigns to targeted ransomware, the threat landscape is shifting fast, and organizations must adapt just as quickly.
In this exclusive interview, Techtrends Africa speaks with Benjamin Okolie, Kaspersky’s Technology Expert and Consultant in Africa, about the changing dynamics of cybercrime and how African businesses can stay ahead of the curve.
What is the current cyberthreat landscape in Africa, and how is it evolving?
According to a report published last year by our Global Emergency Response Team (GERT), we’ve observed a significant shift in the cyberthreat landscape. While the overall number of ransomware incidents appears to be declining, this doesn’t mean the threat has gone away. Instead, attacks are becoming more targeted and sophisticated. Threat actors are no longer casting a wide net; they are carefully selecting their targets, particularly larger organizations and critical infrastructure, where a successful breach can yield higher returns.
What are the most prominent threats African organizations face today?
One of the biggest trends we’re seeing is the rise of what we call “Dark AI”. That is, cybercriminals are leveraging artificial intelligence to craft highly convincing phishing content and social engineering campaigns. In the past, there was a concept of how to detect phishing emails. You see some urgency. You see spelling errors. These things used to be really easy and somewhat straightforward to explain. This has made phishing more personalized and much harder to detect.
The problem is that sometimes people misinterpret this. Because there are no spelling errors or urgency, they don’t see it as a phishing email, which unfortunately is not the truth. Right now, with the evolution of dark AI, we’re seeing neural networks write phishing messages, and there are no spelling errors or urgency. Rather than see something like “click now”, “I need access now”, “I need this now”, you’re seeing things like “you have the next 48 hours”. There is still some level of timeline or deadline to it, but it’s not as rushed as before.
We are also seeing increasing exploitation of vulnerabilities on public-facing infrastructure. Attackers scan the internet for systems with known vulnerabilities and exploit them quickly, sometimes within hours of disclosure. We’ve seen an increase in so-called “trusted relationships”. This is the case of a user giving access to someone whom they believe they trust. Many breaches now originate from compromised third-party relationships, who already have access to internal systems.
How are attackers changing their strategies?
They’ve become more strategic and data-driven. Instead of using generic tools, they are now studying their targets, understanding their defenses, and using sophisticated frameworks. The MITRE ATT&CK framework, for instance, shows that attackers constantly switch to new tactics and techniques. If defenders aren’t updating their detection logic regularly, Sigma rules, for example, they risk falling behind.
It’s no longer enough to focus on just perimeter defenses. Organizations need real-time threat intelligence and must constantly review and update their security policies, incident response playbooks, and detection logic.
What practical steps can organizations in Africa take to strengthen their cyber defense?
First, visibility is key. You can’t protect what you can’t see. Organizations need to understand their attack surface, including third-party connections. There’s a need to start to communicate and focus more on raising awareness internally to ensure that users aren’t just going out there giving passwords. We also need to work on policies, or even audit our third parties that are interacting with our systems. Conduct regular security assessments, patch vulnerabilities quickly, and segment networks to contain potential breaches.
Second, improve user awareness. Since many attacks start with phishing, your team must be trained to recognize suspicious messages. However, training alone is not enough. It is also important that you deploy security solutions that can automatically detect and block phishing attempts.
Third, adopt a proactive security posture. Instead of waiting for an incident to occur, use threat hunting, endpoint detection and response (EDR) tools, and regularly test your defenses. Security is a continuous process, not a one-time project.
Any final advice for African organizations navigating this evolving threat landscape?
Cybersecurity is not just an IT problem but a business risk issue. Every organization, no matter its size, should treat it as a board-level priority. The threat landscape is evolving rapidly, especially with the rise of AI-driven attacks. We must adapt just as quickly.
There’s also the problem of “no two organizations being the same”. What is affecting the financial services might not be the same for telcos, or oil and gas. First, we need to understand our industry and leverage the tools in the threat landscape. Security teams should be empowered with the right tools, training, and support from leadership to stay ahead of these threats. Cyber threats are a continuous journey that demands vigilance, innovation, and collaboration from all players in the ecosystem.