Cybercrime is a growing concern in Lesotho. Cyber criminals engage in activities such as fraud, identity theft and hacking in order to gain unauthorised access to cyber systems and data.
The following features highlight the nature and impact of the threats faced by internet users in Lesotho:
- Phishing attacks – they are a common cyber threat in Lesotho, where attackers attempt to deceive individuals into revealing sensitive information such as login credentials or financial details. Phishing
attacks usually lead to identity theft, financial loss, unauthorised access to personal or organisational accounts. - Malware and Ransomware – Malicious software, including ransomware poses a significant threat to Lesotho’s digital infrastructure. Malware infect systems and disrupt critical services, steal sensitive data and enable unauthorised access to systems. Ransomware specifically encrypts files, and demands a ransom for their release, causing financial and operational disruptions.
- Social engineering – cyber criminals often employ social engineering techniques to manipulate individuals into revealing confidential information or performing actions that compromise security. This can include tactics like impersonation, pretexting, or bating, targeting individuals’ trust or exploiting their emotions to gain unauthorised access or compromise systems.
- Insider threats – they refer to individuals within organisations who exploit their privileged access to commit cyber crimes. This can include unauthorised data access, theft of intellectual property or
sabotage. Insider threats are either intentional or accidental, highlighting the importance of robust access controls and monitoring mechanisms.
