Nearly one in every five people in Nigeria is being targeted by cybercriminals, underscoring the mounting threat that digital crime poses to the nation’s internet users, businesses, and industrial infrastructures, according to a new report by cybersecurity company, Kaspersky.
The analysis made available to Technology Times reveals that 19.9% of Nigerian internet users faced attempted online attacks in the first half of 2025 alone. These included phishing scams, botnets, exploits, Remote Desktop Protocol (RDP) attacks, and network spoofing such as fake Wi-Fi hotspots designed to trick unsuspecting users.
Kaspersky’s findings add urgency to growing concerns over cybersecurity in Africa’s most populous nation, where millions are embracing digital banking, e-commerce, and online services at unprecedented rates.
Kaspersky reports that in the first six months of 2025, its security tools blocked more than 1.46 million online attack attempts against Nigerian users. These web-based attacks were only part of the picture.
Cybercrime: Nigeria’s rising digital risk
Kaspersky reports that in the first six months of 2025, its security tools blocked more than 1.46 million online attack attempts against Nigerian users. These web-based attacks were only part of the picture.
In the same period, 4.97 million on-device incidents were intercepted. These incidents, which affected more than 28.6% of Nigerian users, typically arrived via infected USB drives, CDs, DVDs, and hidden software installers. Once embedded, they unleashed a wide range of malicious payloads: ransomware, worms, backdoors, trojans, password stealers, and spyware.
“Every day, more people in Nigeria are moving their businesses, banking, and daily errands online. But with this opportunity comes a challenge. Cybercriminals are also becoming more active, targeting not only big companies and government networks, but also ordinary people, small businesses, and industrial infrastructures we depend on,” Chris Norton, General Manager for Sub-Saharan Africa at Kaspersky, says.
According to the cybersecurity company’s report, “In Nigeria in the first half of 2025, Kaspersky security tools blocked more than 1.46 million online attack attempts on users. With these threats (that include phishing scams, exploits, botnets, Remote Desktop Protocol attacks, and Network spoofing such as fake Wi-Fi networks), nearly one in five people in the country (19.9%) were targeted. In the same period, 4.97 million on-device incidents were blocked, where 28.6% of Nigerian users faced malware delivered via infected USB drives, CDs, DVDs, and hidden installers, including ransomware, worms, backdoors, trojans, password stealers, and spyware.”
Passwords, Privacy, and Persistence of Cybercriminals
Among the most worrying trends is the steep rise in password-stealing malware.
The report notes a 66% increase in password stealer attacks in Nigeria in the first half of 2025 compared with the same period in 2024. Cybercriminals increasingly deploy trojans and keyloggers to harvest login credentials, banking details, and authentication tokens.
In parallel, spyware incidents surged by 53%. This class of malware secretly monitors user activities, including keystrokes, browsing history, emails, and even screenshots, creating serious risks for personal privacy and corporate confidentiality.
“Attackers are refining their methods,” Norton explains. “They no longer rely on crude techniques. Instead, they deploy sophisticated malware that can stay hidden for long periods, silently exfiltrating sensitive data. For individuals, this may mean compromised bank accounts or stolen social media identities. For businesses, it can mean corporate espionage or financial losses.”
Phishing goes targeted
Although the overall number of phishing attacks detected in Nigeria dropped by 52%, the nature of phishing attempts evolved.
Kaspersky says it recorded more than 595,000 detections of finance-related phishing in the country in the first half of 2025 — a 46% increase compared to the same period last year. These scams impersonated banks, e-commerce platforms, and payment systems to lure users into disclosing their login credentials or making fraudulent payments.
“The fact that phishing decreased overall,” Norton says, “but increased sharply in the financial sector is a red flag. It means attackers are shifting strategy, focusing on what really matters to Nigerians: their money. With mobile banking and fintech services booming, cybercriminals see financial phishing as a lucrative path.”
Kaspersky says attacks were blocked on 26.5% of Industrial Control Systems (ICS) computers in Nigeria in the first half of 2025. These computers are crucial for running factories, power grids, engineering processes, and other critical infrastructure.
Industrial systems under fire
Beyond individuals and businesses, Nigeria’s industrial backbone is also in the crosshairs.
Kaspersky says attacks were blocked on 26.5% of Industrial Control Systems (ICS) computers in Nigeria in the first half of 2025. These computers are crucial for running factories, power grids, engineering processes, and other critical infrastructure.
The sectors most affected included construction, ICS engineering and integration, power and energy, and biometrics industries.
Africa as a whole is among the world’s top regions where ICS systems encounter malicious objects. According to Kaspersky, this raises concerns about the vulnerability of the continent’s industrial digitalisation push.
“Industrial cyberattacks can have devastating consequences,” Norton warns. “Unlike ordinary IT systems, ICS attacks can disrupt electricity supply, halt production lines, or compromise biometric security systems. This is not just about data — it’s about safety and continuity of services.”
The Sub-Saharan Africa threat landscape
The Nigerian figures are part of a wider pattern across Sub-Saharan Africa.
In the first half of 2025, the region recorded 42.4 million web attacks and 95.6 million on-device attacks. Compared with the same period in 2024, spyware incidents more than doubled, while password stealer attacks jumped by 64%. Backdoor infections — malware that allows cybercriminals persistent access to a system — rose by 12%.
Kaspersky’s analysis suggests that as Africa’s digital economy grows, so too does its attractiveness to cybercriminals. With Nigeria at the heart of this ecosystem, the country is a primary target.
SMEs and the knowledge gap
Earlier this month, Kaspersky signed a memorandum of understanding (MoU) with the Small and Medium Enterprises Development Agency of Nigeria (SMEDAN). The agreement seeks to equip SMEs with tools and training to counter cyber threats.
“SMEs are the backbone of the Nigerian economy, but many lack the resources or expertise to defend themselves,” Norton says. “By partnering with SMEDAN, we aim to bridge that knowledge gap and help small businesses adopt affordable, practical cybersecurity measures.”
SMEs face a unique challenge: they are often targeted by the same sophisticated attacks that hit larger corporations, but with fewer resources to respond. For instance, ransomware — which locks files and demands payment for their release — can cripple an SME within hours.
The human element
Experts say that technology alone cannot solve Nigeria’s cybercrime challenge.
“Cybersecurity is not only about having the right tools but also about awareness,” Norton stresses. “Many attacks exploit human error. For example, clicking on a malicious link, using weak passwords, or failing to update software. Building a cyber-aware workforce is one of the most effective defences.”
Kaspersky advocates for tailored training programmes that educate employees and consumers on recognising phishing attempts, safeguarding passwords, and avoiding risky online behaviours.
Financial sector in the spotlight
The Nigerian financial sector is particularly exposed. With fintech adoption soaring, mobile payments, digital wallets, and online banking have become prime targets.
Norton notes that finance-related phishing attacks grew by 46% in the first half of 2025. “Cybercriminals go where the money is. For Nigerian users, this means that any email, SMS, or WhatsApp message claiming to be from a bank or payment service must be treated with extreme caution.”
According to the Central Bank of Nigeria (CBN), over 200 million mobile banking transactions were processed in Q1 2025 alone. With such volumes, even a small percentage of successful scams can translate into significant financial losses for users and institutions.
Policy Implications and the Way Forward
Nigeria’s digital economy ambitions — from e-governance initiatives to fintech expansion — depend on robust cyber resilience. The growing scale of cybercrime underscores the need for stronger policies, better regulation, and coordinated action between government, private sector, and international partners.
“Cybersecurity must be a national priority,” Norton emphasises. “It is not just an IT issue. It’s a business issue, a policy issue, and a national security issue. The countries that thrive in the digital era are those that can secure their digital assets.”
Nigeria has made progress, such as the enactment of the Cybercrime Act 2015 and the establishment of the Nigerian Computer Emergency Response Team (ngCERT). But experts argue that enforcement, cross-border cooperation, and continuous updates to address emerging threats remain critical.
A Call for Shared Responsibility
As the numbers reveal, one in five Nigerians online is already under cyberattack pressure. The question is how the country’s citizens, businesses, and policymakers will respond.
For individuals, simple steps such as enabling two-factor authentication, regularly updating software, and avoiding suspicious links can provide vital protection.
For businesses, investing in security solutions, staff training, and incident response plans is no longer optional.
And for government, strengthening public awareness, building digital capacity, and enforcing cybercrime laws will be essential in securing Nigeria’s digital future.
“Cybersecurity is a shared responsibility,” Norton concludes. “If we all play our part — individuals, companies, and governments — then Nigeria’s digital growth can go hand in hand with digital safety.”
Kaspersky says it is participating at the upcoming GITEX Nigeria event where the company will share practical advice and deliver workshops to help businesses and individuals strengthen their defences against these fast-evolving threats.
Home
