Move aside malware, the rising threat is stalkerware

play article
Subscribers can listen to this article
The cyber threat landscape across Africa is constantly evolving.
The cyber threat landscape across Africa is constantly evolving.
  • Cyberattacks, fraud, phishing, breaches and hacks have increased in sophistication, focus and capability, says an expert.
  • Criminals are becoming much more focused - instead of distributing encrypted files widely, they pick a target and find out all they can about that target.
  • In SA half of all companies surveyed suffered a ransomware attack in the past year, which led to an average of seven days of downtime.

Consumers must remain vigilant when it comes to their online activities if they are to keep themselves safe from the growing threat of cyberattacks - especially as criminals become more focused and sophisticated.

Moreover, stalkerware - a more focused form of cyber-attack - is on the rise. 

Lehan van den Heever, enterprise cyber security advisor for Kaspersky in Africa, explains that stalkerware is focused on specific individuals.

Among other things, stalkerware can enable the perpetrator to track a victim's location, read their messages, view their photos and videos, eavesdrop on telephone conversations, and see everything typed on the keypad.

Cyberattacks, fraud, phishing, breaches and hacks have increased in sophistication, focus and capability, according to Anna Collard, senior vice president of content strategy at KnowBe4 Africa.

"Every front is vulnerable, every corner at risk, and the skills required to support organisations in the battle are rare, expensive and hard to find. Furthermore, there is a pressing need to empower women within the cybersecurity space," she says.

No one immune

These warnings come on the back of an attack on Virgin Active's systems on Friday.

On Friday evening, the gym group announced that it had become aware of a cyber-attack and that its security experts "immediately started working with cyber-security experts to carefully contain, manage and investigate the cyber event," it said in a notice posted on its site.  

This was after its site had been inaccessible for some time during the day. 

It said it had been targeted by "sophisticated cybercriminals" and had taken its systems offline as it attempted to resolve the issue. 

There was no indication that any data had been removed from its systems, Virgin Active said. 

Ransomware? Don't pay up 

Kaspersky's research, which indicates around 4% of mobile phone users in SA are affected by malware, also says that nearly half of ransomware victims in South Africa paid the ransom in 2020.

However, few have their full data returned.

Ransomware is a type of malware which criminals use to extort money. It holds data to ransom using encryption or by locking users out of their device.

"Handing over money doesn’t guarantee the return of data, and only encourages cybercriminals to continue the practice."
- Maria Titova, Kaspersky

"Handing over money doesn’t guarantee the return of data, and only encourages cybercriminals to continue the practice," says Marina Titova, head of consumer product marketing at Kaspersky.

Kaspersky suggests avoiding clicking links in spam emails or on unfamiliar websites and do not open email attachments from senders you do not trust. Also never insert USBs or other removal storage devices into your computer if you do not know where they came from.

Criminals research you, personally

"While a few years ago, they would spread encrypted files on a large scale, today, their ransomware attacks have become more focused. Now, fraudsters examine the target in detail and research each target, looking for additional leverage," says Titova.

"Infamous ransomware gangs behave like a fully-fledged online service provider, using traditional marketing techniques. The cybercriminals now carefully analyse stolen data and the market. Before publishing information, they study the contacts of the company and identify well-known customers, partners and competitors."

Roman Dedenok, security expert at Kaspersky adds that they have witnessed a massive transformation in how ransomware gangs play in the market nowadays. The only reason for this shift is their immense profit.

Corporate doxing 

According to Kaspersky researchers, another targeted threat to watch out for is "corporate doxing". This is the process of gathering confidential information about an organisation and its employees without their agreement to harm them or profit from it. 

The proliferation of publicly available information, data leaks and advancement of technology are leading to a state in which tricking employees into giving out confidential information or even transferring funds is becoming easier than ever before.

One of the methods used to dox organisations is Business Email Compromise (BEC) attacks. BEC attacks are targeted attacks in which criminals initiate email chains with employees by impersonating someone from the company.

In February 2021 Kaspersky detected 1 646 such attacks, underlining the vulnerability of organisations when it comes to the exploitation of publicly available information. Generally, the purpose of such attacks is to extract confidential information, such as client databases, or to steal funds.

In order to avoid or minimise the risk of a successful attack on an organisation, Kaspersky's tips include to establish a rigid rule to never discuss work-related issues in external messengers outside of the official corporate messengers and to train your employees to strictly adhere to this rule.

"Unfortunately, there has been an increase in the sophistication of malware threats – which may be hiding on the user's device within a seemingly legitimate file for a while, to fly under the radar, and only strike later," warns Denis Parinov, a cybersecurity expert at Kaspersky.

"The cyber threat landscape across Africa is constantly evolving. A few years ago, there were much more drive-by attacks – cases when different malicious software is downloaded and being run while the user simply browses the internet. Nowadays, most of the web-threats 'stays in browser': they specialise in content replacement, browser locking or clickjacking, online-skimming and cookie stuffing."

The 2021 State of Email Security report by email security and cyber resilience company Mimecast highlights the challenges facing global and South African organisations. According to Brian Pinnock, cybersecurity expert at Mimecast, the pandemic-driven digital transformation of work has led to a huge increase in the volume of emails - and email-borne threats - across the globe. 

"Nearly half (48%) of South African organisations reported significant increases in the volume of email, and yet 12% still don't have any email security in place," he says. 

The report shows that in SA half of all companies surveyed suffered a ransomware attack in the past year which lead to an average of seven days of downtime; phishing attacks have surged by 57% since the pandemic began; 99% of organisations reported being concerned that bad actors spoofed their company's email domain; and 94% of companies would be concerned if a counterfeit website misappropriated their company's brand.

Financial fraud 

Momentum financial adviser Janine Horn says the ploys of online fraudsters are becoming incredibly difficult to detect, and so are their agendas. 

"It's no longer simple financial fraud – this new wave of online scamming now encompasses identity theft, voter manipulation, misuse of personal data - and everything in between," she says.

"Finding information online can be misleading. Not all sources are credible and not all people who are vocal on these channels are experts. Be careful not to fall for scams or fraudsters. An SMS or message asking for your personal details or bank account number - with no context - is a massive red flag."

According to the Financial Intelligence Centre (FIC), cyber criminals want to obtain your identity number, your bank account details, your PIN (personal identity number), passwords or any other particulars that will give them access to further information on you, on your bank accounts, access to your current or potential earnings, to that of your family if possible, to the grant or pension money you receive and to any other information or details on you which would tell them more about you.

Horn advises that if you ever have any doubts, it is a good idea to phone the entity in question to confirm the specific details that they need, and why. If it's too good to be true, it probably is.

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For 14 free days, you can have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today. Thereafter you will be billed R75 per month. You can cancel anytime and if you cancel within 14 days you won't be billed. 
Subscribe to News24
Show Comments ()
Rand - Dollar
Rand - Pound
Rand - Euro
Rand - Aus dollar
Rand - Yen
Brent Crude
Top 40
All Share
Resource 10
Industrial 25
Financial 15
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders