The increase in cyberthreats recorded by global internet security firm Kaspersky in the first half of this year across South Africa amounted to 31.5 million.
“Threats can be categorised as criminal (80% of attacks), targeted (19.9%), and advanced (0.01%). The advanced grouping is significantly more sophisticated and feature increased investment from attack groups. Unfortunately, both criminal and targeted threat vectors learn from the advanced category to enhance their own attack techniques,” says Amin Hasbini, Head of Research Centre, Global Research & Analysis Team, Middle East, Turkey and Africa at Kaspersky.
Attacks Are Becoming More Sophisticated
Hasbini says that the current trends show that attackers around the world are embracing more sophisticated methods to compromise systems and data. For instance, they are looking at non-Microsoft environments, infecting firmware, and even embarking on ‘big game hunting’ exercises focused on high-profile targets with lots of money.
South Africa, Kenya and Nigeria have all shown significant annual growth in the number of threats targeting companies and users when compared to the same period last year: Kaspersky recorded a 24.6% increase in Nigeria, followed by South Africa with a 16.6% and Kenya with a 15.9% increase, respectively.
The most dominant threat actors on the continent identified by Kaspersky include Lazarus, DeathStalker, CactusPete, and IAmTheKing.
The Ransomware Question
Ransomware has also become a significant threat vector targeting users and organisations locally. And when looking at future predictions, Kaspersky notes that ransomware development will continue.
“Our research shows that the most threatened industries common across these three countries are government and telecommunications, with diplomatic, education, and healthcare also being cause for concern. We have also seen large service-oriented organisations being targeted, for instance telecommunications, because of the services they provide high-profile companies. Threat attacks are using these as platforms to gain access to other businesses,” says Hasbini.
According to Susan Potgieter, banking CSIRT (cyber incident response) and member of SABRIC (the South African Banking Risk Information Centre), the potential of such third-party risks or supply chain attacks remains a grave concern for financial institutions.
“Banks spend millions on cybersecurity and implementing best-of-breed solutions. For them, it is about doing everything they can to protect their infrastructure and products – and keeping their channels safe for consumers. With ransomware on the increase, banks are collaborating more by sharing information of threats, keeping each other informed, and enabling the industry to take more proactive action,” says Potgieter.
Furthermore, Kaspersky warns of 5G vulnerabilities, targeted ransomware gangs using generic malware and more disruptive attacks along with more money demands, threatening and blackmailing.
“Of course, the growth of 5G across Africa means hackers have a new platform to exploit. Furthermore, advanced threat actors will buy network access from other cybercriminals. This will also result in increased collaboration between these cybercriminals and cyber gangs as they look at more effective ways of achieving their objectives. Different gangs will also start specialising in tools and other methods to better advance penetration. As people and companies rely more on technology, the number of threats will continue to increase. People must accept the risks of living a connected lifestyle and embrace the technology and tools available to safeguard themselves,” adds Hasbini.