Kaspersky research shows top targets of cyber criminals in Africa
Kaspersky research shows that there has been a surge in cyber threat notifications across the continent. In the first half of 2021, 31.5 million threats targeting users and organisations were noted in South Africa – an annual increase of 16.6%, while 32.8 million were seen in Kenya – an increase of 15.9%, and 16.7 million in Nigeria – an increase of 24.6%.
This is according to Amin Hasbini, head of Research Center, Global Research & Analysis Team, Middle East, Turkey and Africa at Kaspersky, who was speaking during a webinar on the evolving cyber threat landscape in Africa.
Hasbini said governments, banks and financial institutions are the top targets in Africa. The top ten active threat actors are Lazarus, DeathStalker, CactusPete, IAmTheKing, Transparent Tribe, StrongPity, Sofacy, CoughingDown, MuddyWater and SixLittleMonkeys.
In South Africa, the most threatened industries, many of them targeted by Lazarus, were government, fintech, manufacturing, IT companies, mining, telecoms, defence, energy and pharmaceutical. In Kenya, the most threatened industries were diplomatic, government, military and education, and in Nigeria, the most threatened were law firms, media, education, NGOs, government, telecoms, diplomatic and the healthcare sector.
“Things have been accelerating for a while now in Africa, and we have been keeping a close eye on the situation,” he said.
In line with changing trends around the world, attackers are moving towards new methods, Hasbini said. “They have expanded beyond Windows type utilities and tools, and are infecting firmware and leveraging mobile implants. We are seeing big game hunting by underground gangs, continued use of naming and shaming, and ‘good enough’ is enough attacks, in which cyber criminals are not deploying additional tools that are not immediately needed. Sometimes this is done with very simple open source tools, which makes tracking them difficult.”
Kaspersky predicts that more countries will start using legal indictments as part of their cyber strategies to protect their critical infrastructure.
Said Hasbini: “Countries have also warned of nation states targeting research facilities – especially Covid-19 related facilities. The emergence of 5G vulnerabilities will become a growing priority as 5G makes connectivity faster but also enables faster attacks. Kaspersky also expects to see an increase in advanced threat actors buying initial network access from cyber criminals; more money demands, ransomware and blackmail; and more disruptive attacks – with more attacks on critical infrastructure such as power grids, nuclear facilities, chemical plants and water facilities.”
The number of threats is increasing and the changes are here to stay, he concluded. “We need to deal with them by using the right regulation, tools, skills and human capital.”
Third party risk top of mind for banks
Giving a banking perspective on cyber risk, Susan Potgieter, Banking CSIRT and Membership at the South African Banking Risk Information Centre (SABRIC), said South African banks have been very open to collaborating with each other and the government to prevent cyber crime.
“The ransomware threat is very topical in the South African context; we believe it’s a spray and pray methodology being used by criminals, although they do look for vulnerable entities. Every organisation needs to be ready for a potential ransomware attack by sharing information in a timely manner and staying informed.”
However, the real top-of-mind issue for the banking sector is third party risk, namely supply chain attacks. Interoperability and the communication networks supporting it create opportunity. “Management and risk strategies differ, and if there are any configuration weaknesses these will be exploited. I believe it is critical for this particular area to get a lot of attention from all organisations who work with a lot of partners, and they must ensure that partners comply with their security requirements,” she said.
Potgieter added: “One thing that differentiates Africa from the rest of the world is our large digital penetration where many users are not tech savvy, so user awareness and education is critical. We need to spend more money on users and user education to mitigate the risk.”
In a poll of webinar participants on which IT security area they plan to invest in over the next six months, respondents named Cloud Security (16%), Endpoint Detection and Response (14%), Threat Intelligence (14%), Fraud Prevention (14%), Security Awareness (29%), and SOC Technologies and Operations (11%).
Artem Karasev, product marketing lead at Kaspersky, said: “There are several reasons why complex cyber incidents succeed: organisations may ignore the likelihood of a complex attack and implement advanced defences only after a severe incident has occurred; they have non-systematic or ineffective methods for handling cyber incidents due to disparate tools or weak threat intelligence; or they may lack back-up plans, with no third party on hand to provide immediate support and expert guidance in the event of a cyber crisis.”
He outlined Kaspersky’s stage-by-stage cyber security approach from Kaspersky Security Foundations through to Kaspersky Optimum Security and Kaspersky Expert Security, to mitigate the risk of commodity threats, evasive threats and targeted attacks. He noted that Kaspersky Managed Detection and Response provides managed services at all three tiers.