Category Archives: Security News

Faster Internet access means more cyberattacks for Africa

The rapid development of Internet access throughout Africa has not been accompanied by an equivalent increase in awareness of security issues, opening up the possibility of a rise in cyberattacks.

With many countries testing 4G broadband technology, an increasing number of Africans are being introduced to the Internet through mobile devices. Most new users are excited and would click on almost anything, oblivious to lurking dangers, according to Mikhail Nagorny, head of Business Development and Security Intelligence Services at Kaspersky Lab.

Nagorny noted that the rate of technology adoption in Africa has outpaced that of Europe.

“Before, cyberattacks did not have an impact,” Nagorny said. With the rise of high-speed Internet, though, cybercriminals can take advantage of unsuspecting users, he added.

Recent statistics from the Communication Authority of Kenya show that the country has 26.1 million Internet users, and a little more than 16 million of them access the Internet through their mobile phones. In Nigeria, the most populous country on the continent, there are 80 million mobile internet users, according to the latest Nigeria Communication Commission report.

“All countries in the world, including Africa, have now the same Internet technology,” Kirill Kertsenbaum, head of Global Presales Management at Kaspersky explained. “So this has made the threat landscape the same across the globe.” The difference among regions mainly lies in the number of users accessing the Internet, he said.

Kertsenbaum said that financial institutions and governments are the most targeted entities in Africa.

The development of mobile money across the continent by telecom companies coupled with the increasing penetration of the Internet means telecom companies are also in danger.

Last week, Safaricom, the leading telecom company in Kenya and East Africa, cracked down on cybercriminals who had electronically stolen airtime from its systems and sold it to 10,000 users at half price. Business Daily Africa reports that the suspect, Alex Mutuku, as well as the 10,000 subscribers, could be charged with handling stolen property.

Kaspersky’s Cyber Security Report 2014 for Kenya highlighted the development of security flaws around mobile banking and mobile money services.

“The continued adoption of online and mobile banking services is leading to new threats for customers and local financial institutions. Many financial institutions are introducing vulnerable Web and mobile applications,” the report said.

The report added that, “In a recent study we sampled 33 online banking portals. Out of the 33 banking applications sampled, only 2 banking portals had adequate online security deployed on their Web application. The majority of the Web applications reviewed lack strong encryption and are susceptible to phishing attacks.”

Kertsenbaum said that the report has elicited interest from telecom companies. Kaspersky is working with a few of them in Africa, he said. Among other things, the company is in discussions with mobile operators in Kenya about how to protect users, he added.

Nagorny added that apart from educating users on mobile phone protection, telecom companies can also consider adding more layers of protection over their infrastructure. He urged governments and private companies to deploy regular training for their IT departments.

Gurucul identifies cloud threats based on identity, behaviors

Gurucul is extending its identity-based threat detection to cloud-based applications with a new platform that monitors who has access to what and what they are doing with it.

Cloud Analytics Platform (CAP) lets customers analyze identities (the correlation of individuals and the machines they use) as they consume resources in the cloud, to set a baseline for acceptable behavior and to find anomalies that may indicate threats.


One real-world example: CAP discovered a terminated employee downloading data from the corporate Salesforce account from the employee’s new job, says company CEO Saryu Nayyar.

CAP does for the cloud what the company’s Risk Analytics platform does for premises-based activity, Nayyar says. Both are based on Gurucul’s Predictive Identity-based Behavior Anomaly Engine (PIBAE), which learns legitimate behaviors by peer group and compares them to the behavior of individual identities to ferret out malicious behavior.

PIBAE uses predictive modeling to assign a risk score to anomalous behavior it finds and sends alerts.
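To make the peer-group idea concrete, here is an added example (written for this page, not Gurucul's PIBAE code, which is not public) that baselines download volume per peer group over constructed cloud access events and scores each identity against its peers, including the terminated-employee case described above. It assumes a simple CSV-like event record and uses a median/MAD baseline so that a single outlier cannot hide by inflating the baseline it is compared against.

```python
"""Peer-group behaviour baselining over cloud access events (added illustration
for this page, not Gurucul's PIBAE code). Each event carries an identity, its
peer group, account status, the resource touched and bytes downloaded. Baselines
use median/MAD so an outlier cannot hide by inflating its own peer baseline."""
from collections import defaultdict
from statistics import median

# Constructed sample events: identity,peer_group,status,resource,bytes_downloaded
SAMPLE_LOG = """\
alice,sales,active,salesforce,120000
bob,sales,active,salesforce,95000
carol,sales,active,salesforce,110000
dave,sales,active,salesforce,130000
erin,sales,active,salesforce,105000
mallory,sales,terminated,salesforce,4800000
frank,engineering,active,github,300000
grace,engineering,active,github,280000
"""

def parse_events(text):
    events = []
    for line in text.strip().splitlines():
        user, group, status, resource, nbytes = line.split(",")
        events.append((user, group, status, resource, int(nbytes)))
    return events

def peer_baselines(events):
    """Per (group, resource): median and median absolute deviation of volume."""
    volumes = defaultdict(list)
    for _, group, _, resource, nbytes in events:
        volumes[(group, resource)].append(nbytes)
    return {k: (median(v), median(abs(x - median(v)) for x in v))
            for k, v in volumes.items()}

def risk_scores(events, sigmas=3.0):
    """identity -> (score 0..100, reasons): saturates at `sigmas` robust std devs
    above the peer median; a terminated identity still active scores 100."""
    baselines = peer_baselines(events)
    scores = {}
    for user, group, status, resource, nbytes in events:
        med, mad = baselines[(group, resource)]
        z = 0.6745 * (nbytes - med) / mad if mad > 0 else 0.0  # robust z-score
        score, reasons = min(100.0, max(0.0, z / sigmas * 100.0)), []
        if z >= sigmas:
            reasons.append("%.0fx peer median on %s" % (nbytes / med, resource))
        if status == "terminated":
            score, reasons = 100.0, reasons + ["terminated identity still active"]
        prev = scores.get(user, (0.0, []))
        scores[user] = (max(prev[0], score), prev[1] + reasons)
    return scores
```

Scores are kept per identity across all of its events, so one anomalous download is enough to raise an alert even when the rest of the identity's activity looks normal.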

CAP taps slightly different metadata resources to make these decisions because of the inherent differences between cloud and on-premises infrastructure, Nayyar says.

It was possible before to pull cloud data within Gurucul Risk Analytics, but customers wanted a standalone platform that gave a clean view of cloud activity, she says.

CAP supports rule-based access control, which allows the view of the dashboard available to groups and individuals to be customized.

So far the company has catered to Fortune 500 companies, but expects to expand to the Fortune 2000, Nayyar says.

CAP has a base price of $50,000 per year plus a fee adjusted according to the number of identities being managed, which can include full-time employees but also contractors. CAP is available now.

Attacks against industrial control systems double

Attacks against industrial control systems doubled last year, according to a new report from Dell.

“We have over a million firewalls sending data to us on a minute-by-minute basis,” said John Gordineer, director of product marketing for network security at Dell. “We anonymize the data and see interesting trends.”

In particular, attacks specifically targeting SCADA industrial control systems rose 100 percent in 2014 compared to the previous year.


Countries most affected were Finland, the U.K. and the U.S.

The most common attack vector against these systems was buffer overflow attacks, said Gordineer.

“They’re trying to overwhelm that SCADA system and cause a denial of service,” he said. “What they’re trying to do is not steal data but shut the devices down. We hypothesize that there’s less of a financial motive here than a disruption of service type of motive.”

These kinds of attacks don’t involve loss of personally identifiable information, so typically aren’t reported. In fact, other industrial companies might not even know that the threat exists until they are targeted.

According to Dell, the state of vulnerability is exacerbated by the fact that industrial machinery is typically older equipment and isn’t well secured against modern networked environments — and more attacks are likely to come as a result.

The data was collected by the Dell Global Response Intelligence Defense Network, which collects data from more than a million security sensors in over 200 countries, honeypots, data from thousands of firewalls, shared threat intelligence from industry groups and research organizations, and other sources.

The report also covered two other major trends, the increase in malware targeting point-of-sale devices, and the increase in encrypted traffic.

Dell researchers created 13 new point-of-sale malware signatures in 2014, compared to just three in all of 2013.

The majority of these attacks were aimed at the US retail industry.

The malware has also been evolving, using memory scraping and encryption to avoid detection.

Other kinds of malware have been adopting encryption as well, said Gordineer.

“The new exploit kits all have it,” he said.

The reason is that there’s more encrypted traffic than ever before, making it easier for the malware to hide. By the end of 2014, encrypted traffic accounted for 60 percent of all connections.

Some sites, including Google, Facebook, and Twitter have begun routinely encrypting all traffic in order to protect user privacy and improve security.

The volume of encrypted web connections increased 109 percent last year, and has continued to grow through the first quarter of 2015.

“It creates challenges for corporate security,” said Gordineer. “If you have a basic packet filtering firewall in place, it’s basically blind to 60 percent of the connections coming in.”

Dropbox starts paying bug bounties to security researchers


Dropbox said Wednesday it will pay rewards to independent researchers who find software flaws in its applications, joining a growing list of companies who see merit in crowdsourcing parts of their security testing.

Pawn Storm cyberespionage group increases activity, targets NATO

Even though its activities were exposed last year, a cyberespionage group dubbed Pawn Storm has ramped up its efforts over the past few months, targeting NATO members and potentially the White House.

The first quarter of this year “has seen a great deal of activity from the group,” researchers from antivirus firm Trend Micro said Thursday in a blog post. “Most notably this involved setting up dozens of exploit URLs and a dozen new command-and-control (C&C) servers targeting NATO members and governments in Europe, Asia and the Middle East.”

The group has been active since at least 2007, and it has targeted military and government entities, defense contractors and media organizations. It uses several attack methods against potential victims, including spear phishing emails with malicious attachments, Web-based exploits launched from compromised websites and fake Microsoft Outlook Web Access (OWA) login pages.

Trend Micro documented the group’s attacks in October 2014, revealing its main information-stealing tool is a malware program called Sednit, or Sofacy. The group’s targets included military, government and media organizations in the U.S. and its allies, as well as Kremlin critics and Ukrainian activists and military. This led to speculation that Pawn Storm might serve the interests of the Russian government.

Some new Pawn Storm email attacks no longer include malicious attachments, but links to alleged news articles about geopolitical events. Those links lead to rogue websites that ask visitors to install a browser add-on allegedly needed to view HTML5 video content.

“The add-on in question turns out to be a version of X-Agent or Fysbis spyware if you’re a Linux user, and Sednit if you’re running Windows,” the Trend Micro researchers said.

The group has also continued its phishing attacks using fake Microsoft OWA login pages, with some of the new targets being a large U.S. company that sells nuclear fuel to power stations, the armed forces of two European NATO members and the NATO Liaison in Ukraine.

The White House might also have been targeted, but indirectly. In January, the Pawn Storm group targeted two popular YouTube bloggers with Gmail phishing attacks, several days after they had interviewed President Barack Obama at the White House, the Trend Micro researchers said.

“This is a classic island hopping technique, in which attackers focus their efforts not on the actual target but on companies or people that might interact with that target, but which may have weaker security in place,” they said. “In a similar way, a well-known military correspondent for a large U.S. newspaper was hit via his personal email address in December 2014, probably leaking his credentials. Later that month Operation Pawn Storm attacked around 55 employees of the same newspaper on their corporate accounts.”