Malware is on the rise. (Duncan Alfreds, Fin24)
Cape Town – Corruption is the open door that leads to organisations being hacked in South Africa, a cyber security firm has warned.
In South Africa, many organisations are compromised by collusion between criminals and corrupt employees, according to experts.
“The big issue here in SA is internal employees or contractors colluding with criminal syndicates - providing inside information or access credentials,” Craig Rosewarne, managing director of Wolfpack Information Risk, told Fin24.
Email is the predominant method cyber criminals use to attack South Africans, experts have said.
“Email is definitely still one of the primary vectors utilised by these criminals - based on research conducted by Mimecast, 75% of IT professionals in South Africa regard email as a common attack vector,” Orlando Scott Cowley, cyber security strategist at Mimecast told Fin24.
READ: Huge spike in ransomware infections
The company found that 90% of cyber attacks begin with an email.
Typically, a cyber scam begins with a maliciously sent email with a “hook” such as a Sars refund, tickets to a concert, or an account payment as bait.
“While the methods used to infect are the same, the hooks used to trick people into clicking on infected attachments and links may be different, since phishers not only use global events - Olympic Games, World Cup, natural disasters or celebrity gossip - but also use local topical events and news to lure people,” David Emm, principal security researcher at Kaspersky Lab told Fin24.
Data from the security firm showed that SA ranked ninth with 8.2% of users attacked with banking malware.
Cyber criminals have also modified their attack method to focus on key people in organisations – a technique known as spear phishing.
“We have seen a massive increase in spear phishing emails being sent to key people - with malicious attachments or re-directing them to dangerous websites to either infect their device or harvest information or encrypt their information and demand a ransom,” said Cowley.
Once cyber criminals have infected a computer system, they will usually lock the device to demand a ransom in virtual currency, increasing over time.
READ: Company bosses must take the fall for cyber failures
However, SA is also seeing an increase in so-called hacktivism. Cyber actors target specific companies or organisations to make a political point.
“Also on the increase is DDOS attacks against companies – if done by hacktivists to take them off line to teach them a lesson… if done by cyber criminals then to extort money – pay or we take you down again. Motive is an important aspect in this,” said Cowley.
Cyber hacking collective Anonymous Africa has targeted the SABC, and Oakbay Investments companies such as ANN7 and The New Age.
Cowley rated local hackers as “generally more low-tech or collusion types of crimes but increasing in sophistication. Outside hacks are more advanced.”
“Whereas South Africa isn’t among the top regions for cybercrime development (ie malware for profit), there is always the possibility of attacks within the country that have other motivations - in this case, ‘hacktivism’, ie a DDoS attack designed to make a social or political point,” said Emm.
The technical inability of local hackers though, need not be an impediment to their ability to carry out cyber attack campaigns.
“Even if they [hackers] don't have the technical skills themselves, the crooks can often simply ‘rent’ what they need - typically using the Dark Web to get in touch with each other, wherever they might be in the world,” Paul Ducklin, senior technologist at Sophos told Fin24.
- Follow Duncan on Twitter