South Africa under cyber attack: ransomware doubles in a year

 ·25 Jul 2022

South African government departments, organisations across industry sectors regardless of size, and individuals face the constant risk of being victims of a cyber attack. While this is not a unique challenge to the country, it is certainly a growing one, says cybersecurity and anti-virus provider Kaspersky.

“If we have a look at the local market, the types of cyber attacks we are seeing impacting businesses, and across different industries, reinforces the need to be vigilant and educate employees on what constitutes cybersecurity best practice, especially as cybercriminals’ tactics and methods evolve,” said James Gumede, SADC territory account manager at Kaspersky.

Ransomware an ongoing challenge

Kaspersky research has found that from January to April this year, ransomware attacks in South Africa have doubled over the comparative period of 2021. Ransomware, which locks a system until a ransom is paid for its release has become the most significant cyber threat, the company said.

“The attack on Transnet last year showed that a successful ransomware breach can stop any business dead in its tracks, resulting in devastating financial and reputational repercussions. But just imagine what could happen if the likes of a hospital, or other critical infrastructure, should fall victim to a compromise. Not being able to access data and systems then becomes a matter of life and death,” said Gumede.

APT a long-term danger

Another growing concern in the local region is that of Advanced Persistent Threats (APTs) that can often stay undetected for months and even years. These complex attacks typically focus on high value targets such as well-known companies and government departments. The goal of an APT is to steal information over a long period of time.

“Our research has found that governments, diplomatic entities and education institutions are increasingly being targeted by APT groups,” said Gumede. “Such is the extent of this threat that South Africa has joined Nigeria and Egypt as the three most targeted countries on the continent. We have found that one of the most active threat actors in this regard is TransparentTribe.

This group focuses on diplomatic entities, educational institutions, government departments, and the military. It uses macro-based malicious documents to penetrate organisations and USBs that can steal data from air-gap networks,” continues Gumede.

Another group very active in South Africa is Lazarus. This threat actor focuses on stealing money and sensitive information possibly for national security purposes. It targets everyone from the military and government to telecoms and pharmaceutical organisations.

“Lazarus has a long history of being behind some of the most devastating attacks in the world that includes the Bangladesh heist in 2016. Having such an influential threat actor active in the country is cause for major concern,” said Gumede.

He said that tracking, analysing, interpreting, and mitigating these constantly evolving cybersecurity threats can place a massive burden on already strained company resources and it is for this reason that using an integrated threat intelligence portfolio of solutions is so critical.

Read: South Africa under cyber attack: Interpol reveals top threats in South Africa

Show comments
Subscribe to our daily newsletter