Kathy Gibson reports – Cybercrooks have been busy in the first half of 2021 – and there are no signs that they are slowing down.

Trend Micro’s 2021 Midyear Security Roundup report reveals there are dangerous vulnerabilities across different types of devices and operating systems.

Zaheer Ebrahim, senior sales engineer at Trend Micro Sub-Sahara Africa, says the top threats uncovered in the report include modernised ransomware, where attacks zero in on specific organisations and extract valuable enterprise data using schemes known as double extortion.

“These ransomware instances now move laterally across the environment,” Ebrahim explains. “They target a specific environment and know what they are looking for.”

Exploiting vulnerabilities is also a big trend, with criminal operations updating their tools to run malware campaigns that target those vulnerabilities.

Covid-19 threats now revolve around the vaccine rather than the disease-focused topics seen in 2020, Ebrahim says.

There is a re-emergence of cloud threats. “When companies move their workloads to the cloud, there is a new attack vector for attacks,” Ebrahim explains. “When you deploy to cloud, you create images which can be used to exploit vulnerabilities.”

Data gathered from a container honeypot in the first half of 2021 shows that the tools and techniques used to target the cloud have re-emerged, with new features that make them more effective.

In the local context, ransomware is active and many big-name companies have been attacked, Ebrahim says.

“Ransomware affects companies from a monetary point of view, not just from having to pay the ransom but in lost business.”

Around the world, more than 7,3-million ransomware threats were detected in the first six months of 2021.

Modern ransomware actors have successfully blackmailed companies and extracted valuable enterprise data. Most attacks are from the WannaCry and Locky families.

In the first half of 2021, ransomware actors focused on many of the same industries targeted last year, mostly banking, government and manufacturing.

These global trends hold true in the South African context.

Email is still the top ransomware delivery vector, with more than 94% of ransomware still delivered this way.

When users started working from home it was difficult to secure their laptops. This year they are better protected and there is sufficient URL protection, so this attack vector has decreased.

In the first half of 2021, Africa contributed 1,7% to global ransomware threats – but on its own, South Africa accounted for 1,05% of them.

“This is concerning,” Ebrahim says. “We used to think we wouldn’t be attacked down here. But we are now being seen as a playground for these attacks, and some are being tested here. In addition, our defenses are seen as being quite weak.”

We have seen a very big uptick in vulnerabilities, Ebrahim explains. “We have seen a lot of vulnerabilities announced by big vendors.”

Specifically, malware campaigns targeting vulnerabilities in operating systems and web browsers have been seen. Cryptocurrency accounts were a popular target during the first half of the year, Ebrahim adds.

There have also been a lot of vulnerabilities that have been found but not yet exploited; however, these still pose a risk for users.

Ebrahim points out that Internet of Things (IoT) environments and operational technology (OT) installations are being targeted.

VPN vulnerabilities are also on the rise, with the increase in people working from home. Although VPN is a security tool, it can also be a vector for cyber-threats, Ebrahim explains.

In South Africa, Trend picked up 743 278 malware threats during the first half of the year. “So we are quite highly ranked from an attack perspective, and need to beef up our security.”

Covid-19 threats were a big thing last year, and are still an issue – although there has been a slight drop. Emails, SMS and phishing schemes were all used in these attacks.

The Covid threats are now centred on vaccines.

South Africa is also ranked quite high for Covid threats, with 25 433 691 emails detected, putting us in the top 20 for these threats.

The last category of threats that has been big in 2021 is the re-emergence of old cloud threats. The tools and techniques used to target the cloud have fluctuated back to what we saw in 2019, says Ebrahim.

“Stay alert and be prepared: you need to have the right solutions and security posture,” Ebrahim says. “Today, every end user’s home is the data centre and they need to be protected wherever they are.”

How do we defend against these types of threats? asks Emmanuel Tzingakis, technical lead for Trend Micro Sub-Sahara Africa.

“There are more criminal groups emerging, ransomware as a service is becoming a big thing, and threat actors are increasing.

“Many organisations have different technologies and solutions, but they are no longer siloed. Organisations are trying to collect data from all of them, but finding it hard to correlate this data.

“So solutions that can collect and analyse information, and help you to recover, are becoming more important than ever.

“Extended detection and response is a new solution set that can help security teams know what to look for, what is real or a false alert, and where exploitations are coming from.”
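As an added illustration of the correlation problem Tzingakis describes (this is example code written for this page, not Trend Micro's product or the report's own material), the script below takes telemetry from four separate sources, an email gateway, an endpoint agent, a network sensor and a file server, and stitches it into a single finding. It follows the ransomware chain Ebrahim outlines earlier: an attachment arrives by email, an Office process spawns a child, the workstation moves laterally over SMB, and a file server it reached sees a mass rename. The log layout, event names, host names and the 30-minute window are all constructed assumptions; real products emit different fields.

```python
"""Correlate multi-source telemetry into one ransomware finding.

Added example for this article, not vendor code. The "timestamp source host
kind detail" log layout, event names and host names are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample telemetry: one workstation (ws-17) walks the full chain,
# a second (ws-05) only makes a harmless SMB connection.
SAMPLE_TELEMETRY = [
    "2021-06-14T08:02:11 email ws-17 attachment_opened invoice_0614.docm",
    "2021-06-14T08:02:40 endpoint ws-17 process_spawn WINWORD.EXE->powershell.exe",
    "2021-06-14T08:05:03 network ws-17 smb_connect fs-01",
    "2021-06-14T08:05:09 network ws-17 smb_connect ws-22",
    "2021-06-14T08:06:30 fileserver fs-01 mass_rename 4120 files renamed to .locked",
    "2021-06-14T09:15:00 endpoint ws-05 process_spawn explorer.exe->notepad.exe",
    "2021-06-14T09:20:00 network ws-05 smb_connect fs-01",
]

OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}
WINDOW = timedelta(minutes=30)  # assumed: all stages must land within 30 min


@dataclass
class Event:
    ts: datetime
    source: str
    host: str
    kind: str
    detail: str


def parse_events(lines):
    """Parse the constructed log layout and return events in time order."""
    events = []
    for line in lines:
        ts, source, host, kind, detail = line.split(" ", 4)
        events.append(Event(datetime.fromisoformat(ts), source, host, kind, detail))
    return sorted(events, key=lambda e: e.ts)


def _add(stages, name):
    # record each stage once, in the order it was first observed
    if name not in stages:
        stages.append(name)


def correlate(events):
    """Score every host on how much of the four-stage chain it exhibits.

    Stage 1: mail attachment opened        (email gateway)
    Stage 2: Office process spawns a child (endpoint agent)
    Stage 3: SMB sessions to other hosts   (network sensor)
    Stage 4: mass rename on a host reached in stage 3 (file server)
    """
    by_host = defaultdict(list)
    for e in events:
        by_host[e.host].append(e)

    assessments = []
    for host, evs in by_host.items():
        start = evs[0].ts  # events are already time-ordered
        deadline = start + WINDOW
        stages, targets = [], set()
        for e in (x for x in evs if x.ts <= deadline):
            if e.source == "email" and e.kind == "attachment_opened":
                _add(stages, "attachment_opened")
            elif e.kind == "process_spawn" and e.detail.split("->")[0].upper() in OFFICE_PARENTS:
                _add(stages, "office_spawn")
            elif e.kind == "smb_connect":
                targets.add(e.detail.strip())
                _add(stages, "lateral_smb")
        # Stage 4 is reported by a different host: the server this workstation reached.
        for e in events:
            if e.kind == "mass_rename" and e.host in targets and start <= e.ts <= deadline:
                _add(stages, "mass_rename")
        assessments.append({
            "host": host,
            "stages": stages,
            "score": len(stages),
            "targets": sorted(targets),
        })
    return assessments


def triage(lines, threshold=3):
    """Return only hosts whose correlated chain reaches the alert threshold."""
    return [a for a in correlate(parse_events(lines)) if a["score"] >= threshold]


if __name__ == "__main__":
    for finding in triage(SAMPLE_TELEMETRY):
        print(finding)
```

None of the four sources on its own is alarming: an opened attachment, an Office child process and a couple of SMB sessions are everyday noise, and a mass rename on a file server could be a backup job. Only when they are joined on the host that links them, inside one time window, does ws-17 stand out while ws-05 stays below the threshold. That joining step is what the correlation tooling in the quote has to do at scale.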

People and processes can’t be ignored, Tzingakis adds. “Training employees on using cyber security is becoming absolutely vital.”

Processes are equally important, with research showing that many of the basic rules and processes are not followed. “Having these processes in place is key and many organisations – especially in South Africa – don’t do it.”

Patching is often neglected because of the cost and disruption involved in taking systems down to patch them, so virtual patching is becoming a vital element in the security environment.

Cyber resilience is a newly popular topic. “It’s not a case of if you are breached but rather when you are breached,” Tzingakis says. “What do you do in case of an emergency? Do you know what steps you will take if there is a breach?

“Cyber-resilience is about how you respond and recover from an attack, and it is becoming key for organisations.”