Business e-mail compromise worsens malware threat to SA

Rudi van Rooyen, security engineer, Check Point Software Technologies, Africa.

Malware continues to test the resolve of companies in Africa. Research by cyber security firm Check Point identified Fakeupdates, FormBook and Qbot as the most troublesome for South Africa during the month of August.

The research confirms that e-mail is the easiest and most used vector of attack in South Africa and indeed globally.

“FormBook and Qbot are significant malware families that have a direct link to phishing campaigns that lead to business e-mail compromise,” says Rudi van Rooyen, security engineer at Check Point Software Technologies, Africa. “The flexible and versatile nature of malware families makes them popular among cyber criminals, who use them to operate phishing campaigns.”



Check Point also identifies the threat index of countries, which quantifies the risk level linked to specific events and the level of vulnerability to cyber threats. According to the latest Threat Intelligence Report South Africa: Government and Military, South Africa’s threat index stands at 42.2%, which places it in 45th position globally.

This research shows that an organisation in South Africa has been attacked an average of 1701 times per week over the last six months, significantly higher than the global statistic of 1179 attacks per organisation.

The most common vulnerability exploit type in South Africa is remote code execution, impacting 65% of organisations.

Comms under attack

According to Check Point’s Global Threat Index for August 2023, the communications sector has displaced healthcare as the second most impacted industry this year.

Further insight by Check Point confirmed that education/research was the most targeted sector, with government/military in third place.

Communications is also the most targeted sector in Africa, except for South Africa where ISPs and government are the most targeted.

Van Rooyen said, “The communications sector is unfortunately targeted for slow and stealthy long-term attacks, which go undetected for long periods of time, allowing threat actors to gather intelligence within the network. Stealthy infection often starts with a targeted and persistent phishing campaign which evades security tools, creating command and control communication that replicates legitimate network traffic and eventually leads to data exfiltration.”

Maya Horowitz, VP Research at Check Point Software, added, “The digital transformation wave in South Africa underscores the importance of steadfast cyber security. As one malware is countered, another emerges, highlighting the dynamic nature of cyber threats.”

Check Point urges organisations and individuals to remain vigilant, practise good security hygiene, and leverage advanced technologies to protect against evolving threats.

The company advocates that organisations adopt a prevention-first approach, based on a cyber security strategy that is comprehensive, consolidated, and collaborative.