The South African government has now become the main target for global threat actors, with less focus now being put onto the private sector.
This is according to findings presented at the recent Q12023 Trellix Cyber Threat Intelligence Briefing: Update for South Africa, March 2023.
The data, measured and recorded by Trellix’s Advanced Research Centre (ARC) team and Cyber Threat Management engineers, showed that global threat actors have not relented on their assault on South African systems in the early months of the year.
Even more alarming, the company says, is that government has emerged as attracting more than a third of all attacks, with the education sector a distant second, followed by financial services, utilities, wholesale, media, consumer products, and the services sector.
The data accounts for all files, both malicious and innocuous measured on the firm’s extended detection and response (XDR) platform, which is integrated with multiple existing security systems “to provide a holistic, yet simpler view of threats across the entire technology landscape,” says Trellix.
Carlo Bolzonello, country manager for Trellix South Africa, says that although the South African economy may be growing at a very slow pace, is is quickly adopting advanced technology across the commerce, service delivery and communication sectors. "This transition might leave gaps of exposure for various groups to test weakness left open, as old systems make way for more modern ones,” he says.
The number of total files detected shrunk from over 1.9 million in January 2023, to under 1.8m in February and 1.6m in March. In a seemingly positive trend, this was further down from the 2.6m detected in August 2022, 2.4m in September and 2.7m October.
“However, threat campaigns have been on the rise, from just over 5 000 files, to over 20 000, and back down to over 10 000 between August and October of last year,” Trellix continues.
Top attacks launched by threat actors during Q1 2023 included Mustang Panda, APT40, Backdoor Diplomacy, ATP10, Lazarus, WinntiGroup, Naikon, Vice Society and FIN7.
Notable attacks observed were:
- UNC4191, a cyber espionage operation coming out of Southeast Asia, leveraging USB devices carried by users as the initial infection point;
- AdvancedPersistent Threats (APT) – namely: APT27, APT39, APT28, APT41 – which are typically nation state-backed groups gaining unauthorised access to computer networks, remaining undetected for long periods while mining highly sensitive information; and
CommonRaven, which commonly targets the SWIFT payment infrastructure utilised by major financial institutions.
Share