Cape Town - Cyber crime is a lucrative industry that is milking South African companies but the hackers have little risk of being caught.
While few South African companies are willing to report hacker breaches to their systems, their losses are increasing as cyber criminals turn their attention to the country.
"There are no official crime stats, however, Wolfpack Risk estimates R2.5bn during 2012/2013 financial year. Other international vendors peg the figure in South Africa at R4bn - R5bn. Globally, the estimation is $450bn per annum… and it’s increasing," Craig Rosewarne of Wolfpack Information Risk told Fin24.
Wolfpack is a threat intelligence firm that specialises in understanding and predicting cyber threats.
Hackers have made big news in recent times and the Sony Pictures breach is estimated to cost the company at least $15m, not counting the cost to its reputation.
Most wanted
The US Federal Bureau of Investigation says that Niculae Popescu is its most wanted cyber criminal. According to the FBI, Popescu is wanted for internet fraud where items that did not exist were posted for sale online.
The agency is offering a reward of $1m for information leading to his arrest.
According to the FBI's Internet Crime Report of 2013, people in the 50 - 59 year-old age group made over 53 000 complaints (21.1% of all complaints) on internet fraud and lost over $177m out of a total of $781m for the year.
Most hackers depend on social engineering techniques to compromise their victims.
Cyber criminals exploit computer users with malware and spam. (Duncan Alfreds, Fin24)
"Curiosity is an internal risk that could increase a company's vulnerability. People may have a sense that clicking on a link could be a bad idea, but their curiosity gets the better of them," Brandon Bekker, MD of Mimecast South Africa told Fin24.
"This can unwittingly expose not only the individual to cyber attacks but the entire company network," he added.
One popular scam is that cyber criminals use to extract money from victims is 'ransomware'. Often the victim's computer will freeze and a message, purportedly from the FBI or law enforcement organisation will warn that the computer user is in violation of a particular law.
Multiple targets
People are then directed to a pay site in order to regain access to the machine. This strategy has been particularly successful in former Eastern bloc countries and is making its way westward.
"Businesses, financial institutions, government agencies, academic institutions, and other organisations can and have become infected with it [ransomware] as well, resulting in the loss of sensitive or proprietary information, a disruption to regular operations, financial losses incurred to restore systems and files, and/or potential harm to an organisation's reputation," says the FBI.
In SA, cyber criminals have migrated to target all kinds of organisations as the race to hit wallets is on.
"Initially, banking and government sectors, but recently all organisations from big to small right down to individuals are being targeted. Even charities are not immune. For example, in 2013, a local charity's database was compromised and the hackers targeted donors for supposed donations," said Rosewarne.
Watch this video where Leon van Aswegen of Trustwave explains the basic tips you can do to protect yourself from cyber criminals.
- Follow Duncan on Twitter