South African government departments, organisations across industry sectors regardless of size, and individuals face the constant risk of being victims of a cyberattack.
While this is not a unique challenge to the country, it is certainly a growing one which requires the reprioritisation of cybersecurity countermeasures, says Kaspersky.
“If we have a look at the local market, the types of cyberattacks we are seeing impacting businesses, and across different industries, reinforce the need to be vigilant and educate employees on what constitutes cybersecurity best practice, especially as cybercriminals’ tactics and methods evolve,” says James Gumede, SADC territory account manager at Kaspersky.
Ransomware an ongoing challenge
Kaspersky research found that from January to April this year, ransomware attacks in South Africa have doubled compared with the same period in 2021. In fact, ransomware has become the most significant cyberthreat of our time.
As the name suggests, ransomware locks a system until a ransom is paid for its release.
“The attack on Transnet last year showed that a successful ransomware breach can stop any business dead in its tracks, resulting in devastating financial and reputational repercussions. But just imagine what could happen if the likes of a hospital, or other critical infrastructure, should fall victim to a compromise. Not being able to access data and systems then becomes a matter of life and death,” adds Gumede.
APT a long-term danger
Another growing concern in the local region is that of advanced persistent threats (APTs) that can often stay undetected for months and even years. These complex attacks typically focus on high value targets such as well-known companies and government departments. The goal of an APT is to steal information over a long period of time.
“Our research has found that governments, diplomatic entities and education institutions are increasingly being targeted by APT groups,” says Gumede. “Such is the extent of this threat that South Africa has joined Nigeria and Egypt as the three most targeted countries on the continent.
“We have found that one of the most active threat actors in this regard is TransparentTribe. This group focuses on diplomatic entities, educational institutions, government departments, and the military. It uses macro-based malicious documents to penetrate organisations and USBs that can steal data from air-gapped networks.”
Another group very active in South Africa is Lazarus. This threat actor focuses on stealing money and sensitive information, possibly for national security purposes. It targets everyone from the military and government to telecoms and pharmaceutical organisations.
“Lazarus has a long history of being behind some of the most devastating attacks in the world that includes the Bangladesh heist in 2016. Having such an influential threat actor active in the country is cause for major concern,” adds Gumede.
Safeguarding business systems
Gumede says that tracking, analysing, interpreting, and mitigating these constantly evolving cybersecurity threats can place a massive burden on already strained company resources, and it is for this reason that using an integrated threat intelligence portfolio of solutions is so critical.
“By integrating up-to-the-minute threat intelligence feeds containing information on suspicious and dangerous IPs, URLs, and file hashes into existing security systems, security teams can inject a level of automation into the process that significantly frees up their time. This enables the organisation to improve and accelerate its incident threat response and forensic capabilities,” he says.
Using a threat intelligence solution empowers the company to prevent the exfiltration of sensitive assets and intellectual property from infected machines. Having the ability to detect infected assets quickly will help ensure the business can stay ahead of malicious threat actors.
“Fundamentally, threat intelligence creates an environment where the company can detect and prevent attacks like ransomware and APTs from taking place. Effective cybersecurity has evolved beyond just anti-virus and firewalls. It now requires threat intelligence to be incorporated into the entire defensive footprint of a company to safeguard itself from the most significant threats facing it today,” concludes Gumede.