Expect more of these scams in South Africa – targetting individuals and businesses
Researchers at Kaspersky’s Security Services show that there are emerging cyber threats that large businesses and governments should prepare for.
As part of its latest Security Bulletin, the security services company said that hackers are repeatedly harming individuals and damaging corporations – and not just financially.
“This threatens not only personal privacy but companies’ reputations,” said the firm.
Emerging threats include cybercriminals using media to blackmail organisations, reporting alleged data leaks, and purchasing initial access to previously compromised companies on the darknet.
Other threats involve the rise of the Malware-as-a-Service model and attacks via the cloud.
The South African Banking Risk Information Centre (SABRIC) noted earlier in 2022 that there has been a concerning increase in cybercrime across the country.
According to estimates, South African businesses experience annual losses of around R250 million due to phishing attacks and internet fraud. On top of that, the South African Reserve Bank (SARB) has identified cybercrime and the increasing use of new technologies as growing threats to the country’s banking industry.
Kaspersky said the following would be relevant to big business and the government sector this year:
Corporate emails at risk
Experts expect data leaks to be more personal in 2023, putting the individual’s privacy or corporate cybersecurity at risk.
“People often use work email addresses to register with third-party sites, which can be exposed to a data leak,” said the security firm.
When sensitive information like email addresses is made publicly available, it may attract the attention of cybercriminals and lead to discussions of potential attacks on an organization on darknet websites, said Kaspersky.
The data can also be used for phishing and social engineering attacks, it added.
Blackmailing and Ransomware blogs
Ransomware actors are increasingly posting about hacking incidents on online publications that have been multiplying – indicating more activity in the online criminal world.
“Cybercriminals used to reach the victim directly, but now they post about the security breach in their blogs immediately, setting a countdown timer to the publication of the leaked data instead of privately demanding a ransom.”
This dark trend will continue developing this year because cybercriminals benefit whether the victim pays up or not, said the firm. “Data is often auctioned, with the closing bid sometimes exceeding the demanded ransom.”
Fake leaks
By claiming they have allegedly hacked a company on a blog post, an extortionist can garner media attention.
“Whether the hack actually happened or not, a leak report might hurt the business.”
To stay safe, it is essential to identify these messages in a timely fashion and initiate a response process similar to that used in information security incidents, said Kaspersky.
Malware-as-a-service
Experts also expect ransomware attacks to grow similarly due to the rise of malware-as-a-service (MaaS) tools, Kaspersky said.
The complexity of attacks will increase, meaning automated systems won’t be sufficient to ensure complete security.
“Furthermore, cloud technology will become a popular attack vector, as digitalisation brings increased cybersecurity risks with it.”