Remote working to cause 10-fold increase in SA cyber attacks

Maher Yamout, senior security researcher for the Global Research and Analysis Team at Kaspersky.

SA showed a sharp spike in network attacks between 15 March and 21 March, with affected devices increasing in number from the 20 000/30 000 average to peak at approximately 310 000 over these few days.

This is according to a Kaspersky Lab report, which states the peak in local attacks coincides with a time in SA when remote working has significantly increased in response to government’s national emergency containment measures in an effort to flatten the curve in the spread of the coronavirus (COVID-19).

The report notes the attack types used varied, yet a third attempted to penetrate the network with brute-forcing of passwords – repetitive attempts at various password combinations.

This technique is common and often works well with weak or repetitively used passwords or poorly configured systems, it notes.

“The region is seeing an increase in attempts to break into the organisation’s systems to establish control over them, sabotage their work, or access sensitive information,” says Maher Yamout, senior security researcher for the Global Research and Analysis Team at Kaspersky.

“Remote working provides cyber criminals a prime opportunity to target devices, especially those that don’t necessarily have adequate IT security measures in place. Such a spike recorded, although temporary, leads us to believe cyber criminals have keenly been focused on the region given the current circumstances – have been on the lookout for vulnerable devices to exploit – and likely due to the rapid increase in remote working protocols that have been initiated during this timeframe, especially since the growth in attacks continued until the weekend.”

Observing the statistics of network attacks in SA for the past two months, Kaspersky says it has seen the numbers going above 45 000 attacks a day, while the last week saw this number reach over 300 000.

“In reviewing this spike, it certainly reinforces the need to institute critical security measures for remote working strategies, to ensure effective protection. However, with the spike dropping again, such advice is likely being on-boarded and taken seriously, which is great to see, and we hope continues,” notes Yamout.

Other risks associated with remote working include e-mail scams, attacks on remote-working infrastructure, human error, weakened security controls, and malicious insiders and housemates.

According to Check Point, in a similar fashion to Black Friday or Cyber Monday discounts, hackers are using the coronavirus pandemic as a special promotion to spread malicious “goods” targeted at both online users and wannabe hackers.

Since the beginning of January, during the period when initial outbreaks were being reported, over 16 000 new coronavirus-related domains were registered, notes Check Point.

“In the past three weeks alone (since the end of February 2020), we have noticed a huge increase in the number of domains registered – the average number of new domains is almost 10 times more than the average number found in previous weeks. 0.8% of these domains were found to be malicious (93 Web sites), and another 19% were found to be suspicious (more than 2 200 Web sites).”

Hackers are also promoting their “goods” − usually malware or exploit tools − over the dark net under special offers, with “COVID-19” or “coronavirus” as discount codes, targeting other wannabe cyber-attackers.

“In one example, we found a group of hackers that go by the name of SSHacker, that describe themselves as ‘dedicated to providing the best hacking services since 2005’ and now offering the service of hacking into Facebook accounts at a discounted rate,” according to Check Point.
