Here’s How Cyber Crooks Get in the Door
Cape Town – Corruption is the open door that leads to organizations being hacked in South Africa, a cyber-security firm has warned.
In South Africa, many organizations are compromised by collusion between criminals and corrupt employees, according to experts.
“The big issue here in SA is internal employees or contractors colluding with criminal syndicates – providing inside information or access credentials,” Craig Rosewarne, managing director of Wolfpack Information Risk, told Fin24.
Email is the predominant method cybercriminals use to attack South Africans, experts have said.
“Email is definitely still one of the primary vectors utilized by these criminals – based on research conducted by Mimecast, 75% of IT professionals in South Africa regard email as a common attack vector,” Orlando Scott Cowley, cybersecurity strategist at Mimecast, told Fin24.
The company found that 90% of cyber attacks begin with an email.
Typically, a cyber scam begins with a malicious email that uses a “hook” such as a Sars refund, tickets to a concert, or an account payment as bait.
“While the methods used to infect are the same, the hooks used to trick people into clicking on infected attachments and links may be different, since phishers not only use global events – Olympic Games, World Cup, natural disasters or celebrity gossip – but also use local topical events and news to lure people,” David Emm, principal security researcher at Kaspersky Lab, told Fin24.
Data from the security firm showed that SA ranked ninth with 8.2% of users attacked with banking malware.
Cybercriminals have also modified their attack method to focus on key people in organizations – a technique known as spear phishing.
“We have seen a massive increase in spear phishing emails being sent to key people – with malicious attachments or re-directing them to dangerous websites to either infect their device or harvest information or encrypt their information and demand a ransom,” said Cowley.
Once cybercriminals have infected a computer system, they will usually lock the device and demand a ransom in virtual currency, with the amount increasing over time.
However, SA is also seeing an increase in so-called hacktivism. Cyber actors target specific companies or organizations to make a political point.
“Also on the increase is DDOS attacks against companies – if done by hacktivists to take them offline to teach them a lesson… if done by cybercriminals then to extort money – pay or we take you down again. The motive is an important aspect in this,” said Cowley.
Cyber hacking collective Anonymous Africa has targeted the SABC, and Oakbay Investments companies such as ANN7 and The New Age.
Cowley rated local hackers as “generally more low-tech or collusion types of crimes but increasing in sophistication. Outside hacks are more advanced.”
“Whereas South Africa isn’t among the top regions for cybercrime development (ie malware for profit), there is always the possibility of attacks within the country that have other motivations – in this case, ‘hacktivism’, ie a DDoS attack designed to make a social or political point,” said Emm.
The technical inability of local hackers, though, need not be an impediment to their ability to carry out cyber attack campaigns.
“Even if they [hackers] don’t have the technical skills themselves, the crooks can often simply ‘rent’ what they need – typically using the Dark Web to get in touch with each other, wherever they might be in the world,” Paul Ducklin, senior technologist at Sophos, told Fin24.