Business e-mail compromise worsens malware threat to SA
E-mail remains the easiest and most used vector of attack in South Africa and globally.
Malware continues to test the resolve of companies in Africa, and e-mail remains the easiest and most used vector of attack in South Africa and indeed globally.
According to cyber security firm Check Point’s Threat Intelligence Report South Africa: Government and Military, Fakeupdates, FormBook and Qbot were identified as the most troublesome for South Africa during the month of August.
“Formbook and Qbot are significant malware families that have a direct link to phishing campaigns that lead to business e-mail compromise," says Rudi van Rooyen, security engineer at Check Point Software Technologies, Africa. "The flexible and versatile nature of malware families make it popular among cyber criminals, who use them to operate phishing campaigns.”
This research shows an organisation in South Africa is being attacked on average 1701 times per week in the last six months, significantly higher than the global statistic of 1179 attacks per organisation.
The most common vulnerability exploit type in South Africa is remote code execution, impacting 65% of organisations.
In August, Mauritius was the most targeted country in Southern Africa, followed by Zambia, then South Africa and Mozambique in fourth place.
Comms under attack
According to insight from Check Point, globally, the communications sector has displaced healthcare as the second most impacted industry this year.
Check Point listed the education and research sector as the most targeted, with government/military in third place.
Communications is also the most targeted sector in Africa, except for South Africa where ISPs and government are the most targeted.
“The communications sector is unfortunately targeted for slow and stealthy long-term attacks, which go undetected for long periods of time, allowing threat actors to gather intelligence within the network,” says Van Rooyen. “Stealthy infection often starts with a targeted and persistent phishing campaign which evades security tools, creating command and control communication that replicates legitimate network traffic and eventually leads to data exfiltration.”
Check Point also identifies the threat index of countries, which quantifies the risk level linked to specific events and the level of vulnerability to cyber threats.
The South African Threat Intelligence Report states that the country’s threat index stands at 42.2%, which places it in 45th position globally.