South Africa is facing one of the largest cyber attacks it has ever seen, with banks, ISPs, and the government being targeted.
Last week the City of Johannesburg fell victim to a cyber attack which led to its information systems becoming compromised.
The city stated that it had detected a network breach and had taken appropriate actions to mitigate any potential effects.
Following the hack, a number of systems were shut down by the city as a precaution, including its website, e-services, and billing system.
City of Johannesburg employees received a ransom note from a group named Shadow Kill Hackers demanding four bitcoin and threatening to release sensitive data unless the amount was paid.
Banks hit with DDoS attacks
On 23 October, the South African banking industry was hit by a wave of DDoS attacks targeting consumer-facing services.
These attacks were also accompanied by a ransom note which was sent to publicly available staff email addresses.
“Threat intelligence which has surfaced has revealed that this is a multi-jurisdictional attack with entities from several countries being targeted,” the South African Banking Risk Information Centre (SABRIC) said.
While the DDoS attacks were disruptive, South African banks refuted reports that sensitive information had been compromised as part of the attack.
ISPs under attack
In recent weeks, numerous Internet service providers (ISPs) have been hit by large DDoS attacks which disrupted their services.
It started in September, with an attack on Cool Ideas and Atomic Access that severely affected their services.
On 19 October, Cybersmart was hit by a large DDoS attack which caused intermittent connectivity over two days.
In the latest incident, which started yesterday, Afrihost, Axxess, and Webafrica were hit by a very large DDoS attack which affected DSL and fibre subscribers.
The attack, which also targeted parts of Liquid Telecom’s network, measured in excess of 100Gbps.
The attack started at around 15:39 on Sunday and was successfully mitigated at 22:40, Liquid Telecom told MyBroadband.
It has since resumed, however, with Afrihost, Axxess, and Webafrica suffering under a renewed DDoS attack today.
Parmi Natesan, CEO of the Institute of Directors in South Africa (IoDSA), said these attacks should serve as a wake-up call to companies.
“The ransomware attack suffered by the City of Johannesburg sounds a clarion call for boards to revisit their technology governance strategies,” Natesan said.
She said these cyber-attacks represent a huge risk for all organisations in both the public and private sectors.
Marlon Moodley, IT governance facilitator for the IoDSA, said directors are not taking adequate steps to acquire broader skills to understand crucial developments in the technology space.
“Because of technology’s pervasiveness, directors should make sure they acquire a broader understanding of technology and the trends driving it,” he said.
He added that companies and the government should take advice from experts and ensure that adequate business continuity arrangements are in place in case of an attack.
“If the corporate IT systems are not usable, there should be an alternate data centre with a clean, reliable replication of the IT environment,” he said.