Credential theft surges in South Africa

Issue 4 and 5 2025 Information Security

With cybercrime now officially ranked as the top business risk in South Africa [1], NEC XON has issued a critical alert about the dual threat of massive credential theft and AI-powered cyberattacks sweeping across the region. With rising incidents and evolving threat tactics, NEC XON is calling on organisations to rethink security from a static, reactive necessity to a strategic, AI-driven business imperative.

“Credentials have become the skeleton key to an organisation’s digital assets,” says Armand Kruger, head of cybersecurity at NEC XON. “We have uncovered over 10 000 compromised South African credentials on the dark web during recent client assessments. That is not just a statistic, it is an open invitation to attackers.”

These credentials are harvested using malware known as credential stealers, which infect devices such as smartphones and computers to extract all stored login information, whether saved in browsers or on the device itself. Cyber adversaries use these stolen credentials to access services such as online banking and other consumer platforms, take over accounts, and cause significant harm.

Attackers’ favourite entry point

According to the IBM 2024 Cost of a Data Breach Report, compromised credentials are now the most common entry point for attackers in South Africa, responsible for 17% of breaches and costing companies an average of R56 million per incident. The scale is equally alarming at the human level; Mimecast’s 2024 research shows that 40% of breaches are caused by human error, often through phishing and stolen passwords, yet only 22% of companies provide ongoing cybersecurity training.

Kruger explains that in several vulnerability assessments, NEC XON traced stolen credentials to South African domains and active infrastructure, with no multi-factor authentication (MFA) in place. “It is like leaving the front door open and being shocked when someone walks in.”

Corporate credentials are often used to access remote services such as RDP and VPN on corporate networks, enabling attackers to gain an initial foothold in the environment, a common tactic employed by ransomware operators targeting enterprises.

Cybercriminals are using AI

More recently, attackers are calling in the cavalry: AI. According to the World Economic Forum’s Artificial Intelligence and Cybersecurity Report (2025), AI has democratised cybercrime, providing attackers with tools to scale up phishing campaigns, automate social engineering, and develop adaptive malware.

“Cybercriminals are no longer working harder; they are working smarter with AI,” says Kruger. “That is why traditional security models are failing. They simply do not have the resources or speed to keep up.”

The Kaspersky IT Security Economics Report (2025) echoes these concerns, revealing a 26% rise in password-stealing malware across Africa in 2024. Picus Labs’ Red Report 2025 noted a 300% surge in credential theft. The solution, Kruger argues, is to match AI with AI.

“Cybersecurity should not be a grudge purchase. It is a business continuity asset. We work to integrate advanced AI technologies, moving beyond detection towards proactive, adaptive, and business-aligned protection. Cybersecurity is fundamentally about risk management; it is centred on building resilience, the ability to withstand and recover from cyberattacks,” explains Kruger.

Ideally, AI-driven security solutions should include:

• Real-time threat detection and response: Automated investigations allow human experts to shift focus from damage control to prevention.

• Business risk quantification: Aligning security with operational goals improves resilience and reduces cost.

• Optimised security spend: AI efficiencies deliver strong protection without waste.

“Our own managed detection & response (MDR) team recently demonstrated this in action. AI systems intercepted a ransomware threat to a client’s systems by automatically quarantining the malware, disabling compromised credentials, and isolating the endpoint before any damage was done – with no human intervention required.

“Cybercriminals do not wait for board meetings, technical evaluation criteria, RFPs, change control, or operational reviews to assess capabilities. They act with curiosity and intent, constantly probing to see how far functionality can be exploited,” says Kruger. “That is why AI in cybersecurity is not optional anymore, it is a business investment.”

Cyber visibility

Security visibility is another major focus. A trusted partner should deliver AI-driven cybersecurity as a real-time, consumption-based service, including:

• Live dashboards

• Instant response reports

• Collaboration tools that break down digital silos

“Ultimately, it is about delivering cybersecurity that protects and enables the business, not just checking boxes,” says Kruger. “We work hand-in-hand with customers to understand their risk, define measurable goals, and implement intelligent protection.”

The future, he says, is cyber anticipation. “You need to see the threat before it knocks. Proactive foresight and actionable intelligence are essential pillars of institutional resilience, and with the right AI-powered systems in place, you can.”

[1] https://tinyurl.com/49e8wvrn



© Technews Publishing (Pty) Ltd. | All Rights Reserved.