SA banks hit by ransom attacks

Local banks have been hit by a wave of cyber attacks, the South African Banking Risk Information Centre (Sabric), on behalf of the banking industry, said in a statement on Friday.

The wave of ransom-driven Distributed Denial of Service (DDoS) attacks, targeting various services across multiple banks, started on Wednesday. A DDoS attack is an attempt by criminals to crash a website by overwhelming it with a flood of fake traffic or digital requests.

"These attacks started with a ransom note which was delivered via email to both unattended as well as staff email addresses, all of which were publicly available.

"Threat intelligence which has surfaced has revealed that this is a multi-jurisdictional attack with entities from several countries being targeted and should therefore not be viewed as a targeted attack on South African companies only." 

The City of Johannesburg was hit by a similar attack on Thursday night, with a group calling themselves the Shadow Kill Hackers demanding a ransom payment in bitcoin, Business Day reported. In a tweet, the City said it had detected a network breach "which resulted in an unauthorised access to our information systems".

The city shut down its website, e-services and billing system in reaction to the attack.

"We must emphasise that DDoS attacks like this one do not involve hacking or a data breach and therefore no customer data is at risk. It does, however, involve increased traffic on networks necessary to access public facing services. This may cause minor disruptions," Sabric said.

"Robust defensive strategies have been invoked across the industry and we are confident that customer impact will be kept to a minimum."

"Despite our banks' preparedness and resilience, we will continue to monitor this situation very closely and respond as required," says Sabric acting CEO, Susan Potgieter.

FNB did not answer specific questions, but endorsed Sabric's comments. 

Standard Bank similarly did not answer specific questions, but said an interruption to its banking services on Thursday had not been caused by "an external cyber event that reportedly impacted the provision of public e-services".

Capitec told Fin24 that although the bank sees "increased attempted criminal activity" around paydays every month, its systems can detect this kind of activity and it was not affected.

ABSA confirmed to Fin24 via email that it informed its customers on Wednesday that it experienced technical difficulties impacting its internet banking services for a brief period due to the DDoS attack, and not a hack. 

"We do experience adverse cyber incidents of some form or another on a regular basis, and these are dealt with in the normal course. To date, we have not experienced an instance where the bank’s own and customer information protection systems were breached," ABSA said. "Our defensive strategies were invoked across our systems and networks, and customer impact was kept to a minimum. We continue to monitor and are responding in real time as needed."

Nedbank CEO Mike Brown also confirmed to Fin24 that the bank and other members of the SA banking industry experienced the DDoS attack. "We must emphasise that DDoS attacks such as this one do not involve hacking or a data breach and therefore no customer data is at risk," he said.

"The attack had no impact on local clients who were able to access the bank’s websites and apps.

"Clients accessing our sites from international locations may have experienced intermittent service due to the attack. We continuously invest in our IT security to effectively deal with attacks of this nature and our working assumption is that they will continue across the industry," Brown said.

*This article was updated at 15:15 on Friday October 25, 2019 to include comments from banks. 
