SA ill-prepared against cyber attacks
SA does not have the skills to defend against cyber attacks. Shiny boxes and blinking lights don't solve the problem, as these bring their own problems. Another problem SA faces, is that the time to respond to a security incident is taking too long.
So said Vernon Fryer, chief technology security officer at Vodacom, during his keynote this morning at ITWeb Security Summit 2016, at Vodacom World in Midrand.
To help address this, Vodacom has the largest cyber intelligence centre on the continent, he claimed. "The centre correlates intelligence on events taking place globally, that are shared on a database and correlated against historical data about known attackers.
"This gives us the visibility into what has happened, so we can learn from it, and gain visibility into what's coming down the line, and start matching 'DNA' to attackers so we can track and tag them, the methodologies they use, and suchlike."
Fryer shared some information on three specific incidents that targeted government organisations within countries, as opposed to industries.
The first event, dubbed 'Guy Fawkes', used two primary attack vectors: whaling attacks and imbedded DDOS attacks. "Fireworks and big bangs."
On 5 November 2015, the intelligence centre saw a spike in Anonymous activity. "However, although Anonymous was identified as being involved, they weren't the major player. The destructive players were a group called GhostSec, who featured prominently in attacks against SA."
Financial institutions took the brunt of the Guy Fawkes attacks, and the most targeted countries were Algeria, Angola, Botswana, Chad, Egypt, Ethiopia, Gabon, Ghana, Guinea and Ivory Coast.
From Russia with DOS
The next attack Fryer described was 'From Russia with DOS'. "The Turkish Air Force shot down a Sukhoi Su-24 Fencer that invaded Turkish airspace on the Syrian border.
"Following this, an aggressive cyber attack was launched from 14 to 27 December 2015. Essentially, all DNS of the Turkish .trtop domains was targeted, in what was an infrastructure attack aiming to wipe Turkey off the Internet. Of the six name servers all but one crashed."
Operation Africa, which saw the ANC government on an attack list, was described by its perpetrators, Anonymous, as "a disassembly of corporations and governments that enable and perpetuate corruption on the African continent".
The attacks saw a database within a government department hacked, leaking names, numbers, e-mail addresses and passwords of many government employees, he explained.