Blog

Quad9 Cyber Insights: from Malawi

Rack of servers and networking equipment, lit with white light from the back.

Executive Summary

Quad9 is a global DNS service that offers enhanced cybersecurity measures, privacy protection, and improved Internet performance. Quad9's arrival in Malawi marks a pivotal advancement in fortifying the country's digital infrastructure, bringing with it enhanced cybersecurity safeguards, robust privacy protection, and a boost in Internet performance.

Digital literacy is still evolving in Malawi. The communities here are prime targets for the Internet's sophisticated measures to seed malware. Quad9's ability to block access to malicious websites is thus of paramount importance to this nascent Internet economy. Providing vital protections from phishing, malware, and ransomware for both individual users and organizations, especially in sectors like government, education, and healthcare, which often handle sensitive data is part of Quad9's primary objective.

The implementation of Quad9 in Malawi is a low-cost, high-impact solution to enhance digital security, performance, and privacy. It aligns with the nation's goals to advance its digital infrastructure while protecting and empowering its citizens in the digital domain.

The full report can be downloaded here.

Introduction

Quad9's extensive global network of servers ensures a faster, more reliable Internet experience. DNS responses are provided from infrastructure hosted at the country’s established Internet Exchange Point, meaning that this is the most neutral, and fastest possible route for Malawian network operators. In a country where Internet data pricing is still comparatively high and Internet speeds can be inconsistent, reducing the spread of malvertising, as detailed in the report provides immediate economic benefits to end-users. Overall, this means improved access to digital resources, more seamless online transactions, and a boost in overall user experience.

To safeguard our users, Quad9 blocks DNS lookups of malicious host names using continually updated threat information. This proactive measure protects computers, mobile devices, or IoT systems from a broad spectrum of cyber threats, such as malware, phishing, spyware, and botnets Quad9’s DNS-based blocking cannot prevent all possible risks – only those that are attributable to attacks that have a DNS component, which is estimated to be 30% of all cyber attacks [1].

Blocked_queries.png
Total daily volume of Quad9 blocked queries in Malawi since the 1st November 2023

Most prevalent threats

Since the deployment of Quad9 services in Malawi in November 2023, many Malawian users have been shielded from a variety of cyber threats, including phishing, stalkerware, spyware, and malvertising. In this section, we will discuss the key threats that target Malawian Internet users. The detailed description of the attacks can be found in the full report.

Top_threats.png

Conclusions

Over the years, it has become easier and cheaper for cyber criminals to attack Internet users. Quad9’s mission is to improve the security and stability of the Internet and reduce users' vulnerability to risk and become more effective in their daily online interactions - even in the face of growing cyber attacks.

By preventing connections to malicious sites, Quad9 eliminates exposure to risks before they are downloaded to computers or a victim can see the fraudulent website. The inability to reach a malicious host means that defenses such as virus protection or user-based detection such as certificate examination are never called into action.

The substantial amount of mitigation events observed in Malawi suggests a heightened rate of cyber threats, including malware, phishing attacks, and stalkerware insertions. Notably, the ratio of blocked queries to legitimate DNS queries is often more than 4%, a figure that's considerably higher than in other regions where Quad9 has gathered data. In some cases, this block rate level exceeds that of other locations by up to two orders of magnitude, underscoring the significantly elevated cyber threat landscape in Malawi.

Quad9 is a non-profit organization, whose main goal is to protect end users against harm while providing them private and trustworthy access to DNS resources, all at no cost to the end user. The ability to provide reports, either automated or researched, is an option that is a supportable output of our larger mission to improve cybersecurity and Internet stability.

This partnership between Quad9 and the Malawi Internet Exchange Point (MIX) in Blantyre has emerged as a cornerstone in the landscape of cybersecurity in Malawi. The cooperation between these two entities underscores the significance of collaborative efforts in enhancing Internet security and infrastructure. MIX's commitment to providing a robust platform for Internet exchange has been pivotal in supporting Quad9's objective of delivering secure DNS services. This synergy not only fortifies cybersecurity within Malawi but also extends its impact globally. Such partnerships are essential in navigating the evolving challenges of cybersecurity and in safeguarding the digital ecosystem into the future.

[1] GCA Report