Morocco ranks among Africa's top targets for cyberattacks

Cybersecurity firm Kaspersky has revealed that Morocco is one of the most frequently targeted countries for digital attacks in Africa. This alarming finding was presented during GITEX Africa 2025, which recently concluded in Marrakech, highlighting a significant increase in threats across the continent.

According to Kaspersky's report, which is based on anonymized data from the Kaspersky Security Network, Morocco ranks third among African nations experiencing web-based threats, with a staggering 12.6 million attack attempts recorded in 2024. Kenya leads the continent with nearly 20 million incidents, followed closely by South Africa, which recorded approximately 17 million.

Overall, web threats directed at African businesses have seen a 1.2% increase compared to 2023, with over 131.5 million total threats detected this year. Furthermore, on-device threats have surged by 4% within African organizations since last year, with Morocco among the countries facing this rise, alongside Senegal, Nigeria, South Africa, and Ethiopia.

Data theft has become a critical issue, with spyware attacks on African businesses increasing by 14% from 2023 to 2024. Password-stealing attempts have also soared by 26%, with Kenya, Morocco, and South Africa reporting the highest numbers.

Maher Yamout, Lead Cybersecurity Researcher with Kaspersky’s Global Research and Analysis Team, expressed concerns about Africa's rapid digital expansion, noting that while it presents opportunities, it also exposes the continent to a diverse array of cyber threats. He cited hybrid work arrangements and accelerated digitization as major vulnerabilities for businesses, warning that many organizations are lagging in cybersecurity investments.

The report comes at a time when Morocco is grappling with a significant cybersecurity crisis. Recently, the National Social Security Fund (CNSS) suffered a breach that exposed sensitive salary information for approximately 2 million individuals across 500,000 companies. The Algerian hacking group “JabaRoot DZ” claimed responsibility for this attack, which prompted an extensive security lockdown across government digital infrastructure. Several ministries and public administrations were forced to suspend their online services as a precaution.

Morocco's Center for Monitoring, Detection and Response to Computer Attacks traced the breach to a security flaw in the widely used WordPress “SureTriggers” module. This vulnerability allows hackers to bypass security protocols, creating risks for sensitive data by enabling complex chain attacks through connections with various third-party applications.

The incident has ignited a fierce debate about cybersecurity governance in Morocco. Experts suggest that the breach was likely due to a combination of human error and technical weaknesses. Many government agencies still operate on outdated systems that no longer receive security updates, rendering their networks particularly susceptible to attacks.

In response to the escalating threats, Morocco has faced a series of retaliatory attacks, including distributed denial-of-service (DDoS) campaigns. Recently, the Algerian group DDOS54 launched a major campaign against Moroccan government systems, impacting several ministerial websites.

Security professionals recommend that government institutions conduct regular penetration testing—at least 50 tests every six months—and advocate for the establishment of a national cybersecurity center to enhance coordination among Morocco's digital defenses.

Despite these challenges, Morocco maintains a relatively strong position in global cybersecurity standings. The country is classified as a "vigilant actor" in the fight against financial crime, ranking 75th out of 177 countries according to the 2025 Global Economic and Financial Crime Index.

Kaspersky advises organizations to keep their software updated, limit exposure of remote desktop services, implement comprehensive endpoint detection solutions, utilize threat intelligence, and maintain regular data backups. Yamout concluded by emphasizing the importance of a unified approach, urging enhanced collaboration, investment in specialized cybersecurity training, and promotion of digital literacy to combat the rising tide of cybercrime effectively.