Literally millions of South African organisations victim to cyber-attacks, but few of these are reported.
Amin Hasbini, senior security researcher at Kaspersky Lab, points out that banks, government and businesses are all being impacted by security attacks.
“In South Africa, however, these are often overlooked because there is no legislation forcing organisations to report.”
While there has been a massive increase in ransomware attacks across the globe – these have grown 67% over the last few months – targeted attacks are becoming a more potent threat.
Hasbini says that 9% of global organisations have been victims of a targeted attack, with that figure at 7% for South Africa.
“A targeted attack is something that is not received by mistake,” he says. “It has been specifically targeted to your organisation or to an individual in the organisation.”
The industries most likely to suffer these kind of attacks include government, military, industrial, financial, telecommunications, media, research, education and political.
“These are the most targeted organisations and we have seen examples of attacks on all of them in just the last month,” Hasbini says.
Worryingly, many threats have been active for some years and are still ongoing. “In most cases, these people do not get caught and are not brought to justice,” Hasbini says.
Two examples of targeted threats that have impacted the region in the last few months include the Equation APT (advanced persistent threat) and Carbanak.
Equation was one of the biggest cyber espionage campaigns seen in 2015, although some operation began as far back as 1996.
“With Equation, the attackers are not looking for money but intelligence,” Hasbini says.
Equation infects the hard drive’s firmware and is thus almost impossible to remove without physically destroying the drive. And it support all platforms.
When Kaspersky Lab traced Equation it found that the malware was in use around the world. “In South Africa there was a low infection rate, but always very targeted people, people in very important positions,” he says.
Carbanak was launched by a gang targeting banks, infecting their systems and stealing money.
It was first spotted when ATMs began dispensing money apparently spontaneously, with mules picking up and laundering the cash.
However, it was soon discovered that it also involved online banking, e-payment systems, inflating account balances, controlling ATMs annd database manipulation.
“Basically Carbanak is a global criminal activity. It uses spear phishing to infiltrate banks; and it’s all about the money,” Hasbini says.
South Africans may feel fairly immune from cyber attacks, but organisations here have been victims of almost all of the threats experienced around the world.
During the first five months of 2016, for example, users in Gauteng suffered 18,6-million attacks, up from 17-million in the last five months of 2015. Western Cape saw attacks increase from 6-million to 6,7-million, while KwaZulu-Natal grow from 2,4-million to 3,2-million.
