Cybercriminals change tack in South Africa

Business: Cybercriminals change tack in SA, use more ransomware during lockdown

Stay vigilant. Hackers will keep trying to capitalise on Covid-19, warns Maher Yamout, senior security researcher at global cyber security firm Kaspersky.

When many people suddenly had to work from home when the coronavirus pandemic lockdown started, the focus of hackers shifted from email attacks to online attacks, Kaspersky research shows.

The first coronavirus case was reported in South Africa on 5 March and the country went into lockdown on 27 March.

Between February and March, Kaspersky saw a shift in South Africa. There was a drop in volume of ransomware attacks to more specifically targeted ransomware ones. Most of the time in SA, ransomware is deployed by exploiting online servers or weak passwords.

So-called crypto mining, on the other hand, was big last year but not so common this year. Cyber criminals seem to have switched from crypto mining to focusing on ransomware.

“Whereas network attacks used to be through methods like phishing emails, they now scan the internet for South Africa looking for vulnerable servers exposed,” says Yamout.

At the same time, phishing emails and social engineering are still being used too and email threats in SA increased by 56% between April and May. Social engineering is where an individual is deceived into divulging confidential or personal information. Phishing is where a cyber-criminal pretends to be a legitimate institution sending an email.

Although it is hard to say exactly what the success rate of cyber attacks in SA is, Yamout estimates it could be up to 20%.

There is also more sharing of devices. For example, children could be using a parent’s work device to do homework during lockdown.

One of the big consequences for companies suffering a cyber breach is reputational damage, according to Dario Milo, who specialises in crisis and reputation management.

“Customers will think you play fast and loose with their sensitive information. It is critical to protect your reputation,” he explained.