Vehicle tracking firm Netstar has confirmed suffering a “cyber incident”, which resulted in hackers publishing its data online.
This, after MyBroadband yesterday reported that the company suffered a possible ransomware attack from a group called INC Ransom.
A subsidiary of JSE-listed Altron, Netstar offers services such as personal vehicle tracking and fleet management for businesses. It employs GPS/GSM and radio-frequency networks, backed by ground and air recovery teams, to ensure vehicle retrievals.
In a statement issued to ITWeb yesterday, Netstar says the cyber security incident reported in the media on 21 August relates to an incident that occurred on 23 June.
“On this day, Netstar experienced a cyber security incident that temporarily impacted some of its operations,” it says.
According to the company, although a small subset of on-premises servers were encrypted, Netstar was well prepared and able to respond immediately.
It notes that Netstar’s internal teams, supported by external cyber security experts, swiftly contained the incident and restored core operations.
“The investigation into the June incident revealed no evidence that customer data was accessed or removed from Netstar systems. Netstar reported the incident to the Information Regulator at the time, and affected parties were notified,” it adds.
“Netstar was not prepared to engage with the criminal actor group called INC Ransom, and therefore, data allegedly from Netstar was published on a site with limited access late yesterday [Wednesday].
Twice the risk
INC Ransom is a ransomware-as-a-service group that emerged in July 2023. Its modus operandi involves double extortion – it exfiltrates sensitive data and then encrypts systems, threatening to leak that data unless a ransom is paid.
According to cyber security firm Check Point Software Technologies, the INC Ransom group is a serious threat to modern enterprises, especially those without strong cyber security foundations that have not invested in employee security training.
Once the group gains access to an organisation’s systems, it becomes much more difficult to mount an effective defence, it warns.
Trend Micro, another cyber defence company, says INC Ransom targets network devices via spear-phishing scams and exploiting vulnerabilities to gain a foothold on enterprise networks.
It points out that in November 2023, threat actors behind the group leveraged Netscaler ADC (Citrix ADC) and Netscaler Gateway (Citrix Gateway) and exploited CVE-2023-3519 to gain initial access to its victims’ systems.
The victims claimed by the group during this time included Yamaha Motor’s Philippines motorcycle manufacturing subsidiary, where 37GB worth of the enterprise’s allegedly stolen data containing employee identification information, backup files, and corporate and sales information were added to the INC’s leak site.
“Netstar is aware of these [data leak] claims and is in the process of investigating them in collaboration with leading third-party forensic experts. Should new facts emerge, affected parties will be notified and the regulator will be updated without delay,” the vehicle tracking company says.
“To further strengthen the security of its network, systems and data, Netstar has proactively implemented additional safeguards as part of its ongoing commitment to continually enhance its cyber resilience. The security and reliability of Netstar’s services remain the company’s highest priority.”
Targeted victims
In Altron’s financial results for the year ended 28 February, Netstar delivered another robust performance, growing earnings before interest, taxes, depreciation and amortisation by 17% to R935 million.
Total subscribers grew 16% and exceeded two million, supported by double-digit growth in both the consumer and enterprise segments.
The Netstar attack comes as South African organisations are increasingly targeted by cyber criminals.
Mobile operators Cell C and MTN are some of the latest victims to be hit by cyber attacks.
Earlier this year, South African Airways said it was impacted by a significant cyber incident that began on 3 May.
South Africa is the most targeted country in Africa, when it comes to infostealer and ransomware attacks, according to global cyber security company ESET’s bi-annual Threat Report.
Data and expert insight collected between June and November 2024 revealed that over 40% of ransomware attacks and just under 35% of infostealer incidents on the continent occurred in South Africa.
Share