Share

Cyber crooks turn to low-tech trickery

accreditation
Shutterstock [http://www.shutterstock.com]

Johannesburg - Cybercriminals’ use of social engineering tactics to trick company employees into exposing key data has one local technology expert worried.

Amanda Mills, the group technology manager at GroupM South Africa, told delegates attending this week’s IDC CIO Summit in Johannesburg that social engineering attacks are a worrying phenomenon.

To illustrate this trend, Mills highlighted one example of a cybercriminal who learnt that a CEO had a passion for cancer research.

The cybercriminal pretended to be part of a cancer initiative and approached the CEO to ‘raise funds’ for it. To allow the CEO to find out more, the crook offered to email the executive a PDF document outlining details about the initiative. Instead, the CEO received an emailed document that had a shell trojan virus which gathered sensitive information about the company in question.

But Mills said the risk of social engineering can affect all employees: those who are too trusting and even those who think they are invisible to attacks.

"Even the most skeptical of employees can be vulnerable because the attacks are sophisticated enough they appear legitimate,” she told attendees during her talk on the subject.

"It's arguably the most insidious and dangerous method of malicious exploitation currently in the IT landscape and I will defend that to my dying day.

"So, attackers gain access to the network by exploiting the trusting nature of employees,” she added.

Mills added that, in most cases, the cyber crooks are going after the CEO of a company to steal sensitive data belonging to businesses.

Apart from social engineering, Mills listed other cyber threats that could hurt businesses such as users who click on dangerous links, malware, device theft, email spoofing and phishing attacks

"The face of threats is definitely changing. And when I say changing, I mean from the perspective of maybe 10 years ago, external penetration was a real threat,” she said.

"Confidential information leakage and sensitive information distortion and data loss and scenarios where data, your intellectual property, your businesses’ monetised commodity that's leaving the network: those are identified now as the greatest threats in terms of security.

"It's not, ironically, the North-South movement of data that is your problem. It's the East-West movement, so movement within your organisation that is so often overlooked,” she said.

South Africa’s growing cybercrime levels

South African businesses lost an estimated R5.8bn to cybercrime as breaches continue at an alarming rate, underwriter Candice Sutherland told Fin24 earlier this month.

Sutherland added that around 974 million company records were lost or stolen in 2014, which amounts to an estimated 31 records every second.

Mainly by disgruntled employees stole these records as well, Sutherland said.

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.94
-0.2%
Rand - Pound
23.91
-0.1%
Rand - Euro
20.43
+0.2%
Rand - Aus dollar
12.34
+0.1%
Rand - Yen
0.13
-0.2%
Platinum
910.50
+1.5%
Palladium
1,011.50
+1.0%
Gold
2,221.35
+1.2%
Silver
24.87
+0.9%
Brent-ruolie
86.09
-0.2%
Top 40
68,346
+1.0%
All Share
74,536
+0.8%
Resource 10
57,251
+2.8%
Industrial 25
103,936
+0.6%
Financial 15
16,502
-0.1%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders