Publications
Partners
Cape Town - Cyber criminals are engaged in a persistent large-scale target of South African companies, a new security report says.
According to Vernon Fryer, chief technology security officer at Vodacom, hackers have identified SA companies as ideal targets to attack for ransom.
Fryer said that in Africa, SA is the most common target for cyber criminals, followed by Kenya, Uganda and Algeria. The top malware programs include CryptoLocker, Rombertik and Superfish.
One of the most common tools used to attack companies in Africa, though, is a distributed denial of service or DDOS attack. Hackers send large amounts of junk data to servers which then perform slowly or crash.
According to Fryer's data, a typical attack on a local company sees around 4.43 terabytes (TB) of data being directed to a firm, nearly four times the amount of data a large corporation handles.
Vodacom's Cyber Intelligence Centre also reveals that there's been a 150% increase in the number of DDOS attacks in the last 18 months in Africa.
Attacks also typically have short duration and the criminals are brazen about their intentions.
Typical threat
Here is a typical threat message:
"We have not received your payment. But since our email from which we contacted you yesterday got suspended, we are not sure if you replied.
"However, just to make sure, we will give you some more time -until tomorrow. But if not paid until tomorrow, attack will start and price will increase, as explained in first email."
Following such demands, criminals will usually up the tempo of the attack to demonstrate their ability to compromise corporate computer systems.
Spam is an ideal delivery methodology for malware. (Duncan Alfreds, Fin24)
What follows is a final ransom demand, usually demanded in bitcoins which are hard to trace:
"But if you ignore us, and don't pay within 24 hours, long term attack will start, price to stop will go to 50 BTC and will keep increasing for every hour of attack.
"Important: It's a one-time payment. Pay and you will not hear from us ever again! We do bad things, but we keep our word."
Impact
This kind of methodology is often successful because corporate officers are more keen to avoid having to report that their systems have been hacked.
While paying a ransom may seem like a viable option, one security company advises against it.
"Paying for ransom is a dangerous option. For starters, there is no guarantee your files will be returned or that the malware will be removed. Will the hacker exploit you again in six months time?" said Eset South Africa on the topic of ransomware scams.
The company reports that ransomware may be having a larger impact that advanced persistent threat (APT) attacks such as DDOS attacks.
"Remember, this is not a service; they are cyber criminals, even if you pay, you are not going to be 'whitelisted' so you could get infected again therefore it's not a real solution for the future. Prevention is the most important tool against ransomware, since the infection can be usually cleaned afterward, however, the information is not always restored," Eset said.
- Follow Duncan on Twitter
