SA’s govt entities under attack as space agency hit by data breach

By Admire Moyo, ITWeb's news editor.
Johannesburg, 09 Sept 2021

The South African National Space Agency (SANSA) has become the latest government entity to suffer a cyber attack.

In a statement, SANSA says it was notified on 6 September of a possible breach of its IT systems.

According to the government agency responsible for the promotion and development of aeronautics and aerospace space research in SA, a file consisting of SANSA information was dumped in the public domain.

Although the space agency’s data was found in the public domain, it says its network was not compromised. It says an internal investigation was conducted and it was determined that no network breach occurred.

It points out the file dump was from the public anonymous FTP server that is active at the SANSA Hermanus facility.

The server had personal information of previous students at SANSA, says the organisation.

Following the incident, SANSA says the public anonymous access of the FTP server has been completely removed, while the Information Regulator and the affected parties will be notified.

The recently gazetted Protection of Personal Information Act stipulates that in the event of a security compromise, a person or business that is responsible for personal information has to notify the Information Regulator as well as any parties whose personal information has been accessed or acquired by an unauthorised party.

Says SANSA: “The takedown requests have been sent to sites and domains hosting the data; however, the data might appear on certain internet sites. Most of the data is information that can be accessed in the public domain as it refers to research-related work in space science.”

Owning up

A group calling itself CoomingProject claims it is responsible for the attack on the space agency.

Another state-owned company, Transnet, also recently suffered a ‘disruption’ of its IT systems, which saw the rail, port and pipeline company’s operations coming to a standstill.

On 22 July, Transnet revealed it had suffered a “disruption” of its IT systems in what is widely believed to be a ransomware attack.

Last month, public enterprises minister Pravin Gordhan said Transnet had managed to restore about 90% of its IT systems.

This week, the Department of Justice and Constitutional Development informed the public that it was experiencing challenges with its IT system, which affected services at all offices and courts around the country.

However, the department did not disclose if it had suffered a cyber attack.

It revealed the information systems management section of the department was assessing the extent of the problem to come up with solutions to bring the system back online.

“All network-based justice services will remain offline while the diagnostic work continues. The team of experts is working around the clock to resolve the problem and get the systems working,” the department said on Tuesday.

“The department extends sincere apologies to all clients for any inconvenience caused. It is confident that the affected services will be recovered in the next few days.”

CoomingProject claims it is responsible for the attack on SANSA.

Only human

Commenting on the SANSA data breach, Anna Collard, senior vice-president of content strategy and evangelist at KnowBe4 Africa, says according to Verizon's Data Breach report 2021, human errors are listed as the second most common cause of data breaches in the public sector.

She notes social engineering, miscellaneous errors and system intrusion represent 92% of breaches.

“This, unfortunately, shows we are dealing with the after-effects of low levels of prioritisation for cyber security in general in this sector,” says Collard.

According to KnowBe4’s security culture report 2021, which measures organisations’ security cultures by surveying more than 320 000 employees across 1 872 organisations worldwide, the government sector is one of the industries with the poorest security culture overall.

“With attacks on critical infrastructure on the increase, public sector institutions need to prioritise their cyber security defences and invest in more proactive and mature security cultures. Particularly in emerging economies, such as South Africa, cyber security hasn’t been prioritised enough.”

Collard points out that US president Joe Biden recently declared ransomware actors a national threat, which could deter criminals from attacking the US and lead them to shift their attention to the emerging economies.

“In South Africa, a variety of sectors are highly cyber-dependent, with a general growth in digitisation, mobility and high-speed connectivity. At the same time, we are dealing with a relatively low awareness around cyber security threats, making us an attractive target. More public-private collaboration is needed to assist critical infrastructure providers to prepare for future attacks.”

Huge pay-off

Mikey Molfessis, cyber security expert at Mimecast, is of the view that criminals are increasingly going after high-profile organisations because they are likely to have highly-confidential data, are responsible for delivering services to large sections of the population and generally have the most to lose.

“If the attack is successful, the pay-off is usually high. Attacks have the potential to disrupt an organisation and impact its ability to conduct essential operations or provide critical services to the community, which can have significant consequences. Think reputation, legal recourse and the inability to provide services.

“In addition, since the country went into lockdown last year, government departments and state-owned entities have had to rapidly adapt to very different work and economic environments. A number of high-profile cyber attacks over the last year have left state-owned organisations understandably nervous over cyber security, especially as more of their systems move into cloud environments.

“It is likely that the increase in remote working played a role in this attack. Cyber criminals are able to prey on vulnerabilities associated with this way of working to access the organisation’s system,” Molfessis concludes.