Cyber crooks have SA in their crosshairs

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 13 Oct 2021
Zaheer Ebrahim, Cyber Security Consultant at Trend Micro.

SA ranks in the top 30 most targeted countries for malware attacks and top 20 for COVID-19-related e-mail threats.

So said Zaheer Ebrahim, cyber security consultant at Trend Micro, discussing SA’s vulnerabilities during a roundtable event yesterday.

According to Trend Micro’s mid-year cyber security report, ‘Attacks from all Angles’, there has been a 47% year-on-year increase in e-mail threats as well as malicious files and URLs in the first quarter of 2021 worldwide.

The research identified vulnerabilities across a slew of device types and operating systems, highlighting a growing need for holistic and scalable cyber security solutions at private sector, public sector and individual levels.

According to Ebrahim, SA’s technology landscape mirrors that of other regions, and bad actors have been using the country as a testing ground for attacks before launching them at their intended targets.

Ransomware top, again

Ransomware remained the most prominent threat globally in the first six months of 2021, and he said the pandemic shone the spotlight on how easy it is to buy ransomware-as-a-service on the dark Web.

The African continent made up 1.7% of these attacks, with the majority (1.05%) being targeted at SA. Trend Micro’s findings show that SA was number 27 in the world when it comes to being targeted by malware attacks, and number 19 when it came to email threats related to the pandemic.

When it comes to modernised ransomware, he said its variants are becoming quite advanced and can now move laterally within the environment. So if malware or a phishing e-mail lands in an account, it won’t drop its payload in that account, but will spread laterally through the environment and detonate against a specific person or system.

“From an advanced persistent threat (APT) perspective, we are seeing a lot of extortion requests... From a localised perspective, we are seeing a lot of our customers, particularly in the public sector, being targeted by ransomware variances and being held to ransom. This doesn't only affect them from a monetary perspective, but from an operations basis too.”

Who is spending what?

Until recently, cyber security was viewed as a rather pricey operational cost by many local organisations, the company noted. But the increase in breaches and other incidents has highlighted the value of investing in security, as well as the time it saves in the long run.

Cyber security spend among Trend Micro’s customer base in SA has grown by between 30 and 40% year-on-year, alongside an uptick in new customers. “We expect to see the maturity of these customers increase sharply in the coming year because it's no longer a case of if you are going to fall victim to cyber security breaches, but rather a case of when," Ebrahim adds.

A shift to WFH

Before COVID-19 struck, when the majority of workers were office-based, it was easier to secure endpoints and data centres. But the traditional security perimeter has disappeared. "It is now found wherever the workforce is, be it at their homes, in hotel rooms, coffee shops or co-working spaces. The job now requires moving workloads to the cloud and securing every employee, their homes and personal mobile devices, all of which have become companies’ new data centres.”

Ebrahim says this saw VPN usage soar to all-time highs in 2020. “However, this sudden shift to the cloud and global reliance on VPNs has also seen an increase in phishing e-mails that appear to come from IT asking for admin login credentials, fake installers embedded within malware and malicious link baiting.”

The shift from on-prem to cloud-based working platforms has made virtual patching invaluable. However, it remains a monumental challenge within the local context that requires urgent attention. “Much like a plaster that is placed over a wound, virtual patching allows the cyber security team to secure the company’s identified vulnerabilities, while the SOC team restarts their servers and machines post update.”
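To make the "plaster" concrete: a virtual patch is a compensating control placed in front of a vulnerable code path (typically a WAF or IPS rule) that blocks the traffic shape an exploit needs until the real fix is installed and the hosts rebooted, after which the rule is retired. The following Python is an added illustration, not Trend Micro's product or code from the article; the endpoint `/api/export`, the `template` parameter, the rule ID and the request strings are all constructed for the demo.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed virtual-patch rule set. Each rule names the vulnerable path and
# parameter it shields and the payload shape it refuses. "active" is flipped
# off once the vendor patch is deployed, so the shield is temporary by design.
RULES = [
    {
        "id": "VP-0001",                      # hypothetical rule identifier
        "path": "/api/export",                # hypothetical endpoint awaiting a real fix
        "param": "template",                  # hypothetical parameter reaching the flaw
        # Refuse path traversal (plain or URL-encoded) and embedded NUL bytes.
        "deny": re.compile(r"(\.\./|\.\.\\|%2e%2e%2f|\x00)", re.IGNORECASE),
        "active": True,
    },
]


def inspect_request(method, url, rules=RULES):
    """Virtual-patch check for one HTTP request.

    Returns (allowed, rule_id). Requests that do not touch an active rule's
    path pass through untouched; a rule only ever narrows what reaches the
    vulnerable parameter, it never rewrites the request.
    """
    parts = urlsplit(url)
    # parse_qs decodes %2e%2e%2f once; the regex still catches a second layer.
    query = parse_qs(parts.query, keep_blank_values=True)
    for rule in rules:
        if not rule["active"] or parts.path != rule["path"]:
            continue
        for value in query.get(rule["param"], []):
            if rule["deny"].search(value):
                return False, rule["id"]
    return True, None


def retire_rule(rules, rule_id):
    """Return a copy of the rule set with rule_id switched off.

    Called after the real patch is confirmed installed, so the virtual patch
    does not linger as undocumented blocking logic.
    """
    return [dict(r, active=False) if r["id"] == rule_id else dict(r) for r in rules]


if __name__ == "__main__":
    # Constructed sample requests: one benign, one traversal attempt, one double-encoded.
    print(inspect_request("GET", "/api/export?template=invoice"))
    print(inspect_request("GET", "/api/export?template=../../etc/passwd"))
    print(inspect_request("GET", "/api/export?template=%252e%252e%252fetc%252fpasswd"))
    patched = retire_rule(RULES, "VP-0001")
    print(inspect_request("GET", "/api/export?template=../../etc/passwd", patched))
```

The rule is deliberately scoped to one path and one parameter so it cannot silently break unrelated traffic, and `retire_rule` is part of the example because the weakest part of virtual patching in practice is forgetting to remove the plaster once the wound has healed.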

Streamlining processes

Ebrahim also spoke about the need for security operations centres (SOCs) to streamline their security processes without sacrificing reliability. “One way to do this is through endpoint detection and response (EDR), which continually monitors and responds to mitigate cyber threats. EDR can be likened to a CCTV camera that records all the activities that occur at an endpoint.”

Although it might not prevent a cyber security threat, Ebrahim says it can reveal what happened so companies can strengthen their security retrospectively, learn from the incident, and secure any weaknesses.

He also discussed the zero trust model, a security concept built on the principle that businesses should not automatically trust anything inside or outside their perimeters, but should treat everything as suspect and verify every user and device trying to connect to their systems before granting access.

“It only authorises selective access to employees and devices based on the least required access that is needed to perform tasks,” says Ebrahim.
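The two ideas above, verify every connection regardless of where it comes from and then grant only the least access the task needs, can be shown as a deny-by-default access decision. The Python below is an added example, not code from Trend Micro or the article; the HMAC demo token, the role-to-resource policy, the device posture baseline and the user names are all assumptions standing in for a real identity provider and policy engine.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a demo HMAC key standing in for the identity provider's signing key.
DEMO_KEY = b"demo-signing-key-not-for-production"

# Assumption: least-privilege policy. Each resource is bound to exactly one role,
# and that role receives only the actions listed; anything else is denied.
POLICY = {
    "payroll-db": {"role": "finance", "actions": {"read"}},
    "hr-files": {"role": "hr", "actions": {"read", "write"}},
    "build-server": {"role": "devops", "actions": {"read", "write", "deploy"}},
}

# Assumption: posture every device must show, whether it sits on the office LAN,
# in a coffee shop or at home. Network location is never consulted.
REQUIRED_POSTURE = {"disk_encrypted": True, "edr_agent_running": True, "os_patched": True}


def issue_token(subject, roles, now, ttl=300):
    """Mint a demo token, base64(payload).hexsig, in place of an IdP-issued assertion."""
    payload = json.dumps(
        {"sub": subject, "roles": sorted(roles), "exp": now + ttl}, sort_keys=True
    ).encode()
    sig = hmac.new(DEMO_KEY, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + sig


def verify_token(token, now):
    """Return the claims if the signature checks and the token is unexpired, else None."""
    try:
        body, sig = token.split(".", 1)
        payload = base64.urlsafe_b64decode(body.encode())
    except (ValueError, TypeError):
        return None
    expected = hmac.new(DEMO_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    claims = json.loads(payload)
    if claims.get("exp", 0) <= now:
        return None
    return claims


def authorize(request, now):
    """Deny-by-default decision over a request dict.

    request carries: token, device (posture dict), network (ignored on purpose),
    resource, action. Returns (allowed, reason).
    """
    # 1. Identity is verified on every request; being "inside" grants nothing.
    claims = verify_token(request.get("token", ""), now)
    if claims is None:
        return False, "identity not verified"
    # 2. Device posture must meet the baseline regardless of who is logged in.
    posture = request.get("device", {})
    for key, required in REQUIRED_POSTURE.items():
        if posture.get(key) != required:
            return False, f"device posture failed: {key}"
    # 3. Least privilege: the role bound to the resource, and only its actions.
    rule = POLICY.get(request.get("resource"))
    if rule is None:
        return False, "unknown resource"
    if rule["role"] not in claims["roles"]:
        return False, "role not authorised for resource"
    if request.get("action") not in rule["actions"]:
        return False, "action exceeds least-privilege grant"
    return True, f"allowed {request['action']} on {request['resource']} for {claims['sub']}"


if __name__ == "__main__":
    NOW = 1_700_000_000  # fixed clock so the demo is deterministic
    token = issue_token("thandi", ["finance"], NOW)  # constructed user and role
    device = {"disk_encrypted": True, "edr_agent_running": True, "os_patched": True}
    print(authorize({"token": token, "device": device, "network": "coffee-shop",
                     "resource": "payroll-db", "action": "read"}, NOW))
    print(authorize({"token": token, "device": device, "network": "corp-lan",
                     "resource": "payroll-db", "action": "write"}, NOW))
```

Note that the corporate-LAN request for a write is refused while the coffee-shop read is allowed: the decision turns on verified identity, device state and the role's grant, never on which network the client happens to be on.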

He stresses that it is critical to consider the people, process and technology upon which cyber security is built. “Despite having access to the latest cyber security technologies and an internal SOC team that is supported by third-party cyber security suppliers, buy-in and know-how from the employees within the organisation is key.”