Cybercriminals change tack in SA, use more ransomware during lockdown

  • When many people suddenly had to work from home due to coronavirus lockdown, the focus of hackers shifted from email attacks to online attacks, research by Kaspersky shows.
  • Cyber criminals seem to have switched from crypto mining to focusing on ransomware.
  • They now scan the internet looking for vulnerable servers exposed in SA.

Stay vigilant. Hackers will keep trying to capitalise on Covid-19, warns Maher Yamout, senior security researcher at global cyber security firm Kaspersky.

When the coronavirus pandemic lockdown started and many people suddenly had to work from home, the focus of hackers shifted from email attacks to online attacks, Kaspersky research shows.

The first coronavirus case was reported in South Africa on 5 March and the country went into lockdown on 27 March.

Between February and March, Kaspersky saw a shift in South Africa. The volume of ransomware attacks dropped, giving way to more specifically targeted ransomware attacks. Most of the time in SA, ransomware is deployed by exploiting online servers or weak passwords.

So-called crypto mining, on the other hand, was big last year but not so common this year. Cyber criminals seem to have switched from crypto mining to focusing on ransomware.

"Whereas network attacks used to be through methods like phishing emails, they now scan the internet for South Africa looking for vulnerable servers exposed," says Yamout.

At the same time, phishing emails and social engineering are still being used, and email threats in SA increased by 56% between April and May. Social engineering is where an individual is deceived into divulging confidential or personal information. Phishing is where a cyber-criminal sends an email pretending to be a legitimate institution.

Although it is hard to say exactly what the success rate of cyber attacks in SA is, Yamout estimates it could be up to 20%.

"It is hard to say where the hackers originate from since they use scanners all over the world. The sources of hacking attacks in SA could be coming from the US, Asia, Australia, Russia - basically from anywhere," he says.

"Hackers will try to use any medium and technique to exploit individual weaknesses like fake police scams. They will try to hack any online feature, including online movie streaming and online retail, since consumers who use those will expect an email supposedly from that vendor."

Kaspersky research indicates that 72% of South African internet users are unaware of how to check if any of their credentials have been leaked.

Three-in-five employees of small organisations (57%) surveyed were not provided with corporate devices. Only one third of small business staff (34%) indicated they were given any IT security requirements to work securely on personal devices.

"As people try to adapt to the 'new normal' the threat landscape will change as well. We could see certain types of phishing attacks in February, then we saw a big decrease in those the next month, maybe due to increased security controls. Then we saw cyber-criminals shift to different types of attacks again," says Yamout.

Cost to business

Thomas Meisinger, head of business solutions at SPF Distribution, says "massive data fraud and theft" has been ranked by the World Economic Forum as the number four global risk over a ten-year horizon. Cyberattacks take the fifth spot.

During a recent podcast, a team from law firm Webber Wentzel unpacked the impact of cybercrime on businesses in South Africa.

In cases they have dealt with, perpetrators included competitors of a firm, disgruntled employees and even a former director who had been asked to leave, according to Priyesh Daya, who specialises in dispute resolution.

Karl Blom, who specialises in the regulatory framework, said that, before the pandemic, safeguarding company information was about what people were saying in the canteen or at the water cooler.

However, now that people are working from home, they have to be careful when talking about sensitive information while anyone else is in the room. Therefore, both the technical and the organisational sides of the "new normal" must be addressed.

There is also more sharing of devices. For example, children could be using a parent's work device to do homework during lockdown.

One of the big consequences for companies suffering a cyber breach is reputational damage, according to Dario Milo, who specialises in crisis and reputation management.

"Customers will think you play fast and loose with their sensitive information. It is critical to protect your reputation," he explained.

* This article was updated on 15 April.
