South Africa under cyber attack: Interpol reveals top threats in South Africa

30 Oct 2021

A new report published by the International Criminal Police Organisation, commonly known as Interpol, gives key insights into cybercrime in Africa. The result of cross-sector collaboration, the African Cyberthreat Assessment Report 2021 will help countries in Africa to understand the most prevalent threats and formulate a coordinated regional response to cybercrime.

The Interpol report identifies the most prominent threats in Africa, based on input from Interpol member countries and data drawn from private sector partners.

The top five threats are:

  • Online scams: fake emails or text messages claiming to be from a legitimate source are used to trick individuals into revealing personal or financial information;
  • Digital extortion: victims are tricked into sharing sexually compromising images which are used for blackmail;
  • Business email compromise: criminals hack into email systems to gain information about corporate payment systems, then deceive company employees into transferring money into their bank account;
  • Ransomware: cybercriminals block the computer systems of hospitals and public institutions, then demand money to restore functionality;
  • Botnets: networks of compromised machines are used as a tool to automate large-scale cyberattacks.

The African region experienced attacks against critical infrastructure and frontline services during the pandemic, Interpol said. This was most prominently seen in South Africa and Botswana. For instance, South Africa’s Life Healthcare Group, responsible for managing 66 health facilities, was hit by a serious and sustained cyberattack. Interpol’s partner, Trend Micro, recorded millions of threat detections in Africa from January 2020 to February 2021:

  • Email: 679 million detections
  • Files: 8.2 million detections
  • Web: 14.3 million detections

More specifically, South Africa had 230 million threat detections in total.

The exploitation of these vulnerabilities within South Africa was further highlighted by Accenture, who identified that South Africa has the third-highest number of cybercrime victims worldwide, at a cost of R2.2 billion a year, Interpol said.

“The scale of this cyber criminality is further evidenced when we consider that the country has seen a 100% increase in mobile banking application fraud and is estimated to suffer 577 malware attacks an hour,” the policing group said. Such malware attacks are one of the emerging threats.

The South African Banking Risk Information Centre (SABRIC) evidenced that “gross fraud losses on South African issued cards increased by 20.5% from 2018 to 2019” with CNP fraud and banking malware attacks, behind only Russia.

“Yet this number fails to take into account the influx of Covid-19 related phishing attempts and the financial, emotional and mental impact they have on victims.

“Stolen data from carding scams is auctioned off to the highest bidder or sold within underground forums – meaning unsuspecting victims of credit card fraud in the African region may have their credit card information misused globally following the breach.”

Another growing concern for African member countries is cryptocurrency scams, in which threat actors seek to defraud victims of their cryptocurrency, the report noted. An ISS report has highlighted two examples of cryptocurrency investment scams in South Africa.

“These examples involved, firstly, a Ponzi scheme where thousands of investors were allegedly scammed out of 588 million USD in Bitcoin by the company Mirror Trading International in 2020. The second case was where the two founders of the trading company Africrypt allegedly absconded with $3.6 billion from investors in April 2021.”

South Africa was therefore one of the top ten countries globally where threat actors received the highest volume of cryptocurrency from illicit addresses.

In addition to investment scams, a growing threat in the cryptocurrency space is that of wallet phishing, where threat actors utilize false or misleading advertisements, imposter domains, fake wallet or decentralized finance platforms to obtain a victim’s cryptocurrency wallet private keys, thus enabling them to steal funds from the victim’s accounts, the crime-fighting unit said.

Trend Micro identified some IP addresses in Africa that were used to send out digital extortion spam messages. Digital extortion seeks to target individuals with either allegations of sexually compromising images or through direct blackmail campaigns.

While such threats are not new on the threat landscape, the move towards a digital society – particularly within the African region – has created new attack vectors for criminals to both obfuscate their identity and target new victims.

From January 2021 to May 2021, the count of unique IP addresses is about 10.6% of the overall number. The top sender countries include South Africa, Morocco, Kenya and Tunisia. The IP addresses can be from botnet networks or dedicated VPSs rented by cybercriminals.

South Africa was the country most heavily affected by targeted ransomware in the first quarter of 2021, with a variety of families such as Crysis, Nefilim, Ryuk, Clop, and Conti ransomware. Subsequently, Egypt was the next hardest-hit country with a similar profile of targeted ransomware detection.

From analysis to action

“Not only do criminals exploit vulnerabilities in cyber security across the region, but they also take advantage of variations in law enforcement capabilities across physical borders,” said Craig Jones, Interpol’s director of Cybercrime.

“Interpol’s regional cybercrime strategy for Africa provides a robust framework for sharing intelligence and coordinating action to strengthen the law enforcement response across Africa and beyond,” said Jones.

The strategy focuses on the areas of criminal intelligence, law enforcement operations, regional capacity and capabilities, and awareness campaigns for businesses and the general public.

Implementation will be driven by Interpol’s African Cybercrime Operations Desk, working in close partnership with key regional stakeholders, in particular the African Union and Afripol, law enforcement communities and the private sector.

Recognizing the need for a change in the approach to cybercrime within Africa as a region that is embracing digital transformation, the report concludes with Interpol’s regional cybercrime strategy to support member countries in Africa. The strategy encompasses the four strategic objectives below:

  • Enhancing cybercrime intelligence for effective responses to cybercrime;
  • Strengthening cooperation for joint operations against cybercrime;
  • Developing regional capacity and capabilities to combat cybercrime;
  • Promoting good cyber hygiene for a safer cyberspace.
