- When many people suddenly had to work from home due to coronavirus lockdown, the focus of hackers shifted from email attacks to online attacks, research by Kaspersky shows.
- Cyber criminals seem to have switched from crypto mining to focusing on ransomware.
- They now scan the internet looking for vulnerable servers exposed in SA
Stay vigilant. Hackers will keep trying to capitalise on Covid-19, warns Maher Yamout, senior security researcher at global cyber security firm Kaspersky.
When many people suddenly had to work from home when the coronavirus pandemic lockdown started, the focus of hackers shifted from email attacks to online attacks, Kaspersky research shows.
The first coronavirus case was reported in South Africa on 5 March and the country went into lockdown on 27 March.
Between February and March, Kaspersky saw a shift in South Africa. There was a drop in volume of ransomware attacks to more specifically targeted ransomware ones. Most of the time in SA, ransomware is deployed by exploiting online servers or weak passwords.
So-called crypto mining, on the other hand, was big last year but not so common this year. Cyber criminals seem to have switched from crypto mining to focusing on ransomware.
“Whereas network attacks used to be through methods like phishing emails, they now scan the internet for South Africa looking for vulnerable servers exposed,” says Yamout.
At the same time, phishing emails and social engineering are still being used too and email threats in SA increased by 56% between April and May. Social engineering is where an individual is deceived into divulging confidential or personal information. Phishing is where a cyber-criminal pretends to be a legitimate institution sending an email.
Although it is hard to say exactly what the success rate of cyber attacks in SA is, Yamout estimates it could be up to 20%.
“It is hard to say where the hackers originate from since they use scanners all over the world. The sources of hacking attacks in SA could be coming from the US, Asia, Australia, Russia – basically from anywhere,” he says.
“Hackers will try to use any medium and technique to exploit individual weaknesses like fake police scams. They will try to hack any online feature, including online movie streaming and online retail, since consumers who use those will expect an email supposedly from that vendor.”
Kaspersky research indicates that 72% of South African internet users are unaware about how to check if any of their credentials have been leaked.
Three-in-five employees of small organisations (57%) surveyed were not provided with corporate devices. Only one third of small business staff (34%) indicated they were given any IT security requirements to work securely on personal devices.
“As people try to adapt to the ‘new normal’ the threat landscape will change as well. We could see certain types of phishing attacks in February, then we saw a big decrease in those the next month, maybe due to increased security controls. Then we saw cyber-criminals shift to different types of attacks again,” says Yamout.
Cost to business
Thomas Meisinger, head of business solutions at SPF Distribution, says, “massive data fraud and theft” has been ranked by the World Economic Forum as the number four global risk over a ten-year horizon Cyberattacks take the fifth spot.
According to Clive Brindley, senior manager in the security practice at professional services company Accenture in Africa, South Africa has experienced a cross-industry spike in cyberattacks in 2019, making it a country with the third-highest number of cybercrime victims worldwide.
“Our research found that approximately R2.2 billion a year is lost to cyber attacks,” he says. “Overall malware attacks increased by 22% which translated to 577 attempted attacks per hour.”
During a recent podcast, a team from law firm Webber Wentzel unpacked the impact of cybercrime on businesses in South Africa.
In cases they have dealt with, perpetrators included competitors of a firm, disgruntled employees and even a former director who had been asked to leave, according to Priyesh Daya, who specialises in dispute resolution.
Karl Blom, who specialises in the regulatory framework, said that, before the pandemic, safeguarding company information was about what people were saying in the canteen or at the water cooler.
However, now that people are working from home, they have to be aware when talking about sensitive information while anyone else is in the room. Therefore, both the technical as well as organisational side of the “new normal” must be addressed.
There is also more sharing of devices. For example, children could be using a parent’s work device to do homework during lockdown.
One of the big consequences for companies suffering a cyber breach is reputational damage, according to Dario Milo, who specialises in crisis and reputation management.
“Customers will think you play fast and loose with their sensitive information. It is critical to protect your reputation,” he explained.