Cyber security firm Kaspersky has warned that over a million company user accounts were compromised using a ‘data stealer’ in South Africa since 2021, and that the data may well have ended up on forums and markets on the dark web.
The company said the average price that criminals charge for access to corporate systems in the Middel East, Turkey and Africa (META) region was around $2 100 (almost R36 000). On the global market, this is as much as $4 000 (R68 000).
Presenting new research at its recent ‘Cyber Security Weekend’ in Jordan, the company said there are generally three ways criminals get into a network. They can exploit vulnerabilities in the network perimeter through unpatched software, vulnerabilities in web applications, or misconfigured services. Another way is through phishing, and here a malicious link could be in counterfeit business correspondence or fake links for online meetings or in documents.
They gain also access through a data stealer. Here, data is stolen from unwitting employees’ machines while they continue to work, and then this data is transferred to a server and then sold on the dark web. The company says it found 1 270 617 accounts were stolen in South Africa since the beginning of 2021, while Kenya saw just over 375 000 compromised accounts.
Access to company networks
Kaspersky found that other than offering corporate data for sale, attackers are also selling access to company networks to other criminals such as ransomware operators. It said the price for access is relatively inexpensive when compared to the damage that can be done later, and that the price will be tailored to a company’s revenue. Globally, 42% of offers for the sale of access are less than $1 000 (R17 000) and three-quarters of the offers will allow remote desktop access.
The META region accounts for only 8% of global offers to gain access to corporate infrastructure, but one offer was recorded at $25 000 (R427 000). It said that access to over 100 enterprises in META with average revenues of $500m have been on sale in the dark web for the last two years.
ndustry computers under fire
Almost 40% of industrial computers came under attack in the Middle-East, Turkey and Africa in 2022, according to Kaspersky.
The company said these industrial control systems (ICS) are used in a wide range of industries, including oil and gas, energy, automotive, and manufacturing, and that the attacks could cause the production line or the whole facility to be shut down.
From January to September this year, Kaspersky said 39.3% of computers in the region’s oil and gas sector were attacked as well as 38.8% of building automation systems. The region’s energy sector saw 33.8% of machines attacked. In South Africa, malicious objects were blocked on 36.1% of ICS machines, and of these, 14.6% came from the internet and 17.8% came through email.
The company also warned that the ICS environments were a new target for ransomware gangs.
Eugene Kaspersky, co-founder and CEO of the company, said it was seeing an increase in the number of highly professional criminal gangs, and which are much smarter and more experienced than in the past.
He said these groups are developing highly complicated and professional cyberattacks ‘and it’s, unfortunately, getting more complicated to protect against these’.
He said the gangs are also shifting their attacks from enterprise and business networks to industrial systems.
“Five years ago we had about 100 APT groups; right now it’s about 900. Most of them are state-sponsored and use espionage tools,” said Kaspersky.
“Three years ago we had 340 000 new malicious applications every day. Now we have more than 400 000 new unique malicious files; it’s our daily catch. There are more and more criminals and hackers joining the cybercrime business and more and more people developing malware. These are huge numbers. The numbers are scary, and it’s getting bigger; cybercriminals are more active and there are more people in this business.”
Share