ESET Analysis has launched its H2 2025 Menace Report, presenting cybersecurity knowledge and menace intelligence from June to November 2025. The findings spotlight phishing and social engineering as probably the most important cyber dangers affecting South African organisations, with phishing alone accounting for 45.7% of all detected threats within the nation—properly above the African common.
Researchers additionally recognized fast world modifications in rip-off ways, together with higher-quality deepfake content material, AI-generated phishing web sites, and short-lived promoting campaigns designed to keep away from detection. Regardless of the emergence of AI-powered malware worldwide within the second half of 2025, conventional social engineering methods stay the dominant assault vector impacting South Africa.
Phishing Stays the Main Cyber Menace in South Africa
ESET Analysis’s newest Menace Report summarises cybersecurity tendencies noticed by ESET telemetry and knowledgeable evaluation throughout H2 2025. Knowledge exhibits phishing continues to symbolize the highest-risk class for customers and organisations in South Africa, accountable for 45.7% of detected threats in contrast with 32.5% throughout Africa.
“Phishing stays the main preliminary entry vector affecting South African firms,” says Tony Anscombe, Chief Safety Evangelist at ESET. “The upper proportion of phishing detections displays each attacker focus and the continued effectiveness of social engineering. Attackers are prioritising threats that enable them a larger alternative for monetisation.”
World Rip-off Exercise Evolves with AI, Deepfakes, and New Platforms
Whereas phishing dominates domestically, rip-off campaigns worldwide are evolving shortly. HTML-based rip-off operations such because the Nomani funding rip-off elevated by 62% yr over yr, in keeping with ESET telemetry, though the tempo of development slowed barely in H2 2025. These scams are increasing past Meta platforms to providers corresponding to YouTube and are more and more utilizing higher-resolution deepfake movies, AI-generated phishing websites, and short-duration promoting campaigns which might be tougher to detect.
Rise of AI-Pushed Cyber Threats and PromptLock Ransomware
Synthetic intelligence continues to reshape the cyber menace panorama each globally and in South Africa. Throughout H2 2025, ESET researchers recognized PromptLock, the primary identified AI-driven ransomware able to producing malicious scripts on demand at excessive velocity. Though AI remains to be mostly used to provide convincing phishing and rip-off content material, PromptLock alerts the emergence of extra clever, automated cybercrime instruments.
NFC-Based mostly Assaults Rising in Scale and Sophistication
Close to-field communication (NFC) threats grew considerably within the second half of 2025, with ESET telemetry exhibiting an 87% enhance alongside extra superior campaigns. South Africa’s heavy reliance on card-based cost methods will increase publicity to those assaults in contrast with areas the place cell cash is extra widespread. Attackers sometimes depend on social engineering to trick victims into putting in malicious Android apps able to relaying cost card knowledge and PINs in actual time.
Ransomware Traits and World Assault Distribution
Ransomware exercise continues to increase globally, with ESET Analysis projecting a 40% year-on-year rise in publicly reported victims in contrast with 2024. Whereas South Africa isn’t among the many most closely focused international locations—the place analysed assaults have been concentrated in america, adopted by Spain, France, Italy, and Canada—native organisations nonetheless skilled a number of ransomware incidents throughout the reporting interval.
Akira and Qilin stay two of probably the most distinguished ransomware-as-a-service operations, whereas a more moderen group, Warlock, has launched superior evasion methods. The rising use of endpoint detection and response (EDR)-disabling instruments additional highlights the significance of sturdy cybersecurity defences.
Regulation Enforcement Cooperation In opposition to Cybercrime
South Africa can also be contributing to worldwide cybercrime prevention efforts. The nation participated in Operation Sentinel, a joint initiative led by INTERPOL and AFRIPOL that resulted in 574 arrests and the restoration of roughly $3 million linked to cyber-enabled crimes.
For extra particulars, go to the ESET Menace Report H2 2025 on WeLiveSecurity.com and observe ESET Analysis on X, BlueSky, and Mastodon for the newest cybersecurity updates.
