Top cyber threats facing SA

Staff Writer
By Staff Writer, ITWeb
Johannesburg, 27 Jul 2022

Kaspersky research has found that ransomware attacks in SA have doubled 

from January to April 2022, compared to the same period last year.  

In fact, ransomware has become the most significant cyber threat of our time. 

“The attack on Transnet last year showed that a successful ransomware breach can stop any business dead in its tracks, resulting in devastating financial and reputational repercussions," says James Gumede, SADC territory account manager at Kaspersky. "But just imagine what could happen if the likes of a hospital, or other critical infrastructure, should fall victim to a compromise. Not being able to access data and systems then becomes a matter of life and death."

Gumede says the types of cyber attacks we are seeing impacting businesses across different industries reinforce the need to be vigilant and educate employees on what constitutes cyber security best practice, especially as bad actors' tactics and methods evolve.

Long-term dangers

According to Kaspersky, another growing concern in SA is that of advanced persistent threats (APTs) that often remain undetected on a victim’s systems for months and even years.

These sophisticated and complex attacks typically focus on high-value targets such as well-known companies and government departments, and their goal is to steal information over a long period of time.

Gumede says Kaspersky’s research has revealed that diplomatic entities, public and educational sector institutions are increasingly being targeted by APT groups.

Having such an influential threat actor [Lazarus] active in the country is cause for major concern.

James Gumede, Kaspersky.

“Such is the extent of this threat that SA has joined Nigeria and Egypt as  one of the three most targeted countries on the continent. We have found that one of the most active threat actors in this regard is TransparentTribe. This group focuses on diplomatic entities, educational institutions, government departments, and the military. It uses macro-based malicious documents to penetrate organisations and USBs that can steal data from air-gap networks.”

Another group that is highly active in SA is the notorious Lazarus Group which focuses on stealing money and sensitive information possibly for national security purposes. It targets everyone from the military and government to telecoms and pharmaceutical organisations.

“Lazarus has a long history of being behind some of the most devastating attacks in the world that includes the Bangladesh heist in 2016. Having such an influential threat actor active in the country is cause for major concern,” adds Gumede.

Staying safe

Tracking, analysing, interpreting, and mitigating against today’s ever-evolving security threats can place a tremendous burden on already strained company resources, and using an integrated threat intelligence portfolio can help with this, he adds.

“By integrating up-to-the-minute threat intelligence feeds containing information on suspicious and dangerous IPs, URLs, and file hashes into existing security systems, security teams can inject a level of automation into the process that significantly frees up their time. This enables the organisation to improve and accelerate its incident threat response and forensic capabilities,” he says.

It also helps prevent the exfiltration of sensitive assets and intellectual property from infected machines. Having the ability to detect infected systems rapidly will help ensure that organisations can stay ahead of malicious threat actors.

In essence, threat intelligence creates an environment where the company can detect and prevent attacks like ransomware and APTs from happening in the first place.

“Effective cyber security has evolved beyond just anti-virus and firewalls. It now requires threat intelligence to be incorporated into the entire defensive footprint of a company to safeguard itself from the most significant threats facing them today,” concludes Gumede.