ESET Threat Report H2 2025: Phishing and Social Engineering Pose Biggest Cybersecurity Risks for South African Organisations
ESET Research has released its H2 2025 Threat Report, presenting cybersecurity data and threat intelligence from June to November 2025. The findings highlight phishing and social engineering as the most significant cyber risks affecting South African organisations, with phishing alone accounting for 45.7% of all detected threats in the country—well above the African average.
Researchers also identified rapid global changes in scam tactics, including higher-quality deepfake content, AI-generated phishing websites, and short-lived advertising campaigns designed to avoid detection. Despite the emergence of AI-powered malware worldwide in the second half of 2025, traditional social engineering techniques remain the dominant attack vector impacting South Africa.
Phishing Remains the Leading Cyber Threat in South Africa
ESET Research’s latest Threat Report summarises cybersecurity trends observed through ESET telemetry and expert analysis during H2 2025. Data shows phishing continues to represent the highest-risk category for users and organisations in South Africa, responsible for 45.7% of detected threats compared with 32.5% across Africa.
“Phishing remains the leading initial access vector affecting South African companies,” says Tony Anscombe, Chief Security Evangelist at ESET. “The higher proportion of phishing detections reflects both attacker focus and the continued effectiveness of social engineering. Attackers are prioritising threats that allow them a greater opportunity for monetisation.”
Global Scam Activity Evolves with AI, Deepfakes, and New Platforms
While phishing dominates locally, scam campaigns worldwide are evolving quickly. HTML-based scam operations such as the Nomani investment scam increased by 62% year over year, according to ESET telemetry, although the pace of growth slowed slightly in H2 2025. These scams are expanding beyond Meta platforms to services such as YouTube and are increasingly using higher-resolution deepfake videos, AI-generated phishing sites, and short-duration advertising campaigns that are harder to detect.
Rise of AI-Driven Cyber Threats and PromptLock Ransomware
Artificial intelligence continues to reshape the cyber threat landscape both globally and in South Africa. During H2 2025, ESET researchers identified PromptLock, the first known AI-driven ransomware capable of generating malicious scripts on demand at high speed. Although AI is still most commonly used to produce convincing phishing and scam content, PromptLock signals the emergence of more intelligent, automated cybercrime tools.
NFC-Based Attacks Increasing in Scale and Sophistication
Near-field communication (NFC) threats grew significantly in the second half of 2025, with ESET telemetry showing an 87% increase alongside more advanced campaigns. South Africa’s heavy reliance on card-based payment systems increases exposure to these attacks compared with regions where mobile money is more common. Attackers typically rely on social engineering to trick victims into installing malicious Android apps capable of relaying payment card data and PINs in real time.
Ransomware Trends and Global Attack Distribution
Ransomware activity continues to expand globally, with ESET Research projecting a 40% year-on-year rise in publicly reported victims compared with 2024. South Africa is not among the most heavily targeted countries (analysed attacks were concentrated in the United States, followed by Spain, France, Italy, and Canada), but local organisations still experienced multiple ransomware incidents during the reporting period.
Akira and Qilin remain two of the most prominent ransomware-as-a-service operations, while a newer group, Warlock, has introduced advanced evasion techniques. The growing use of endpoint detection and response (EDR)-disabling tools further highlights the importance of robust cybersecurity defences.
Law Enforcement Cooperation Against Cybercrime
South Africa is also contributing to international cybercrime prevention efforts. The country participated in Operation Sentinel, a joint initiative led by INTERPOL and AFRIPOL that resulted in 574 arrests and the recovery of approximately $3 million connected to cyber-enabled crimes.
For more details, visit the ESET Threat Report H2 2025 on WeLiveSecurity.com and follow ESET Research on X, BlueSky, and Mastodon for the latest cybersecurity updates.
