Blog
Post read time 5 min read

The State of Cybersecurity in Morocco: Key Statistics and Insights

In an era where digital transformation is rapidly shaping economies and societies, cybersecurity has become a cornerstone for securing information and assets. Morocco, as a growing hub for technology and innovation, is no exception. This comprehensive analysis delves into the current state of cybersecurity in Morocco, providing valuable insights, statistics, and studies that highlight the challenges and advancements in this critical domain.

Key Statistics for Cybersecurity in Morocco

1. Global Cybersecurity Ranking

  • In 2024, Morocco joined the Tier 1 group of the Global Cybersecurity Index (GCI) by the ITU, scoring 97.5/100 and becoming the only Maghreb country in this elite category. Source
  • Morocco ranks 32nd globally on the National Cyber Security Index (70.13%), showcasing its commitment to strengthening cybersecurity. However, rankings in ICT development and networked readiness highlight areas for improvement:
  • 32nd National Cyber Security Index: 70%
  • 50th Global Cybersecurity Index: 82%
  • 100th ICT Development Index: 48%
  • 81st Networked Readiness Index: 3%

Morocco’s Cybersecurity Focus Areas

Cybersecurity in Morocco

This graph shows cybersecurity in Morocco focus areas by percentage. Key strengths include protection of digital services and personal data (100%), while areas like cyber threat analysis (20%) and military cyber operations (0%) need improvement. Source

2. Cybercrime Incidence

Morocco continues to face a rise in cyber threats, with pro-Algeria hacktivist groups like Anonymous Algeria and EvilBbyte targeting key entities, including Morocco Telecom and Moroccan Airlines. These attacks often involve DDoS, data theft, and website defacement. Recently, Morocco’s internet providers experienced Remote Desktop Protocol (RDP) breaches, and a major cyberattack in Agadir affected over 16,000 IP addresses.

Advanced threat actors, such as ‘Cyb3r Drag0nz’ and ‘Team 1919’, have leaked sensitive data, including credentials for 30,000 students, and targeted critical infrastructure. Ransomware groups, like STORMOUS, have exploited vulnerabilities to gain unauthorized access to networks.

Phishing campaigns, notably by the ‘Starry Addax‘ group, have increasingly targeted activists in Morocco and Western Sahara, exploiting political tensions. These threats underscore the growing cybersecurity risks in politically sensitive regions. Source

In response, Morocco’s security services blocked 644 cyberattacks in 2024. The General Directorate of Information Systems Security (DGSSI) enhanced protection measures for vital infrastructure, intervened in 134 cases, and reinforced 64 critical platforms. Additionally, 16 vulnerability alerts were issued to further safeguard Morocco’s digital infrastructure. Source

3. Financial Impact

  • Cyberattacks impose significant financial costs on Morocco’s economy, particularly in sectors like telecommunications, transportation, and government services. The African Cyberthreat Assessment Report by INTERPOL highlights that cybercrime costs Africa over USD 4 billion annually, with Morocco accounting for 8% of detected cyberattacks, making it one of the continent’s most targeted countries. (Download Report PDF)
Interpol_Report_2024Download
  • 2023 Banking Cyberattack: CIH Bank fell victim to a cyberattack in 2023, where 105 clients were deceived, and 3 million Moroccan Dirhams were stolen. This was one of several cyberattacks on Moroccan banks in recent years.

4. Government Initiatives

  • The National Cybersecurity Strategy, launched in 2021, aims to enhance Morocco’s resilience against cyber threats by:
    • Establishing a National Cybersecurity Incident Response Center (CERT).
    • Promoting cybersecurity education in schools and universities.
    • Collaborating with international organizations for threat intelligence sharing.
  • Programs like Cyber Awareness Days in collaboration with local universities have reached over 50,000 participants annually, educating students and professionals on digital safety.
  • The Digital Morocco 2025 Strategy aims to increase cybersecurity training, targeting 100,000 certifications by the end of 2025.

5. Moroccan Hackers

Moroccan hackers have been ranked as the most dangerous in North Africa, according to the 2024 Global Digital Fraud Index by SumSub. The report, cited by La Razón, placed Morocco third in Africa with a global rating of 3.51 points, highlighting its growing role in the global cybercrime landscape.

Notable Malicious Hacking Groups
  • Storm-0539 (Atlas Lion): Known for cloud identity exploitation and gift card fraud, stealing up to $100,000 daily through phishing, fake domains, and charity impersonation.
  • Moroccan Ghosts: Specializes in cyber espionage and data breaches, targeting government and private sector entities.
  • Dark Atlas: A newer group conducting ransomware attacks on Moroccan businesses, causing financial and operational disruptions.
The Rise of Ethical Hackers

While malicious hackers are a major threat, ethical hackers are stepping up to fight cybercrime and improve cybersecurity in Morocco.

SecureWeb Hackers, a group of ethical hackers and bug bounty hunters, has been instrumental in securing online assets for businesses, government institutions, and universities across the world. Through their website secureweb.ma and YouTube channel (@secureweb.m), they share knowledge, tutorials, and best practices to promote cybersecurity awareness.

Meet the Experts

Zakaria EDDAFRI
Zakaria EDDAFRI (MR OWL): Ranked #1 on HackenProof Hall of Fame for 2024, submitted the most paid bug reports, showcasing his expertise in identifying and resolving critical vulnerabilities. His achievements have set a new standard in the bug bounty community.
Amine SAJID
Amine SAJID: Identified critical vulnerabilities in Moroccan universities and provided penetration testing services for leading companies in Morocco. His expertise extends globally, having reported several CVEs and vulnerabilities to international giants such as NASA, Sony, AT&T, and Eurofins.
Salah-Eddine El Azzabi
Salah-Eddine El Azzabi is a cybersecurity expert and experienced trainer, recognized for uncovering critical vulnerabilities in major tech platforms. As a pentester, malware analyst, and bug bounty hunter, he contributed to securing digital systems, while also sharing his expertise through professional training.

Other Initiatives

  • Cybersecurity Competitions: Events like Akasec CTF encourage young talent to develop ethical hacking skills.
  • Training Programs: These are Top 5 places to learn cybersecurity in Morocco with certifications: Read article

Secureweb Analysis in Morocco:

Our assessment of Cybersecurity in Morocco (for businesses) reveals key cybersecurity trends:

  • 53% of Moroccan businesses contacted by us do not care about cybersecurity, even after we explain the risks associated with their vulnerabilities.
  • 40% of businesses expect their single IT staff member to manage all security-related issues.
  • 78% of businesses only begin to adopt a cybersecurity strategy after experiencing a hack or breach.
  • Only 4% of businesses demonstrate strong cybersecurity practices proactively.

Challenges of Cybersecurity in Morocco

Despite ongoing efforts and improvements, cybersecurity in Morocco still faces significant challenges that need to be addressed.

  • The government and universities’ websites still use outdated technologies with insufficient cybersecurity practices, making them vulnerable and easily hacked.
  • Lack of skilled professionals: Morocco faces a significant shortage of cybersecurity experts. Many job openings remain unfilled due to a mismatch between employer needs and available skills. Improved education and training programs are essential to bridge this gap and strengthen cybersecurity in Morocco.
  • Absence of Bug Bounty Programs (BBPs): Morocco lacks proactive measures like BBPs/VDPs, which reward people for finding and reporting security flaws. These programs help fix problems before hackers can exploit them. Starting such programs would take cybersecurity in Morocco to another level and make its digital systems safer.
  • No secure coding training: Secure coding practices for developers are not prioritized, leaving room for vulnerabilities.

Best Practices for Individuals and Organizations

For Individuals:

For Organizations:

Conclusion

Cybersecurity in Morocco is at a pivotal juncture. While the nation faces significant challenges, there is evident progress driven by government initiatives, private sector investments, and rising public awareness. By continuing to prioritize cybersecurity and fostering collaboration among stakeholders, Morocco can build a safer digital environment for all.

Stay updated

If you found this post helpful, don’t forget to subscribe to our newsletter for more cybersecurity tips and tutorials. Feel free to leave a comment below if you have any questions or topics you’d like us to cover in future posts.

Follow Secureweb

Related Posts

Invest in Cybersecurity: Turning Protection into Profit
Blog
Invest in Cybersecurity: Turning Protection into Profit
Worst 5 Developer Mistakes in Cybersecurity and How to Fix
Blog
Worst 5 Developer Mistakes in Cybersecurity and How to Fix
Public Wi-Fi Security: 7 Tips to Stay Safe
Blog
Public Wi-Fi Security: 7 Tips to Stay Safe

Leave a Reply

Your email address will not be published. Required fields are marked *