Cybercrime in South Africa expected to worsen faster than global trends in 2025

South Africa is bracing for an escalation in cybercriminal activity in 2025, aligning with rising global threats. However, incidents in the country could intensify at an even faster pace, according to Charl van der Walt, head of security research at Orange Cyberdefense.

Van der Walt’s warning follows a spate of cyberattacks in 2024 that targeted several major South African companies and at least four government departments or state-owned entities. He explained that cybercrime evolves from a systemic combination of political, economic, sociocultural, and technological factors, and that the trajectory of crime in the country will shift only if these underlying drivers change.

While Van der Walt noted that South Africa’s technology infrastructure is largely comparable to that of other nations, the country lags on key indicators such as digital adoption, universality, and security capabilities. “Socioculturally and economically, things remain the same, or arguably evolve to increase crime. Politically, the situation is only getting more complex, both in Africa and the ‘global north’,” he said.

He stressed that the volume and intensity of cybercrime globally show little sign of decline, with activity often shifting in response to geopolitical dynamics. “In today’s climate, it’s very hard to predict if and how geopolitics shapes cybercrime in (South) Africa, but I can see very few scenarios in which the near future looks more secure to us,” he added.

A tough year for cybersecurity in South Africa

In 2024, cyberattacks struck several key government-linked organisations:

  • January: The International Trade Administration Commission of South Africa (ITAC) suffered a ransomware attack, with employee and stakeholder data potentially compromised.
  • February: The Government Pensions Administration Agency (GPAA) faced a breach involving the theft of 68GB of sensitive data. The hacking group LockBit claimed responsibility.
  • June: The National Health Laboratory Service (NHLS) was hit by a cyberattack attributed to BlackSuit, resulting in the theft of 1.2TB of data and widespread disruption to its IT systems.

These high-profile breaches underline South Africa’s growing vulnerability to cyber threats targeting both public and private sectors.

Cyber extortion and fraud on the rise

Van der Walt grouped the major classes of cybercrime affecting South Africa into two categories: Cyber Extortion (CyX), and digital fraud and scams.

“Cyber Extortion is opportunistic by nature, requiring only exposed digital systems and a willingness to pay ransom. South Africa has both of those,” he said. While the country’s smaller economy and international cybersecurity efforts offer some level of insulation, the risks remain high.

Digital fraud and scams, on the other hand, are adapting more closely to local contexts. Business email compromise (BEC) scams are expected to rise, fueled by lower digital literacy and weaker financial governance among South African organisations. Orange Cyberdefense also anticipates a surge in fraud stemming from fraudulent SIM swaps and alternate payment systems, while crypto thefts are expected to be less frequent.

Rising threat from state-aligned activities

Van der Walt also flagged state-aligned hacktivism and cyber espionage as growing concerns for South Africa. He noted that while espionage is ongoing and often discreet, hack-and-leak campaigns, disinformation efforts, and attacks on critical infrastructure represent more disruptive forms of power projection.

South Africa’s exposure to these diverse forms of state-aligned cyber activity could impact the country’s long-term financial and political stability, he warned.