NTT has published its 2020 Global Threat Intelligence Report, which details the state of cybersecurity around the world.
The report found that the spread of the COVID-19 coronavirus has brought with it a significant spike in COVID-19-related cyberattacks.
NTT said fake websites masquerading as official sources of information were created at rates exceeding 2,000 per day, and many of these targeted healthcare organisations.
“The current global crisis has shown us that cybercriminals will always take advantage of any situation and organisations must be ready for anything,” said NTT Security president and CEO Matthew Gyde.
“We are already seeing an increased number of ransomware attacks on healthcare organizations and we expect this to get worse before it gets better.”
The spread of COVID-19 and its effect on business operations has also increased the exposure of many companies to cyberattacks, according to the report.
More employees are working from home than ever before, relying on technology such as remote networks and web applications.
These services are an attractive target for hackers due to their increased adoption and the widespread lack of proper security around remote working.
The NTT report described major cybersecurity trends in South Africa, and also highlighted the following global trends:
- Attackers are becoming more innovative, using artificial intelligence, machine learning and investing in automation of attacks.
- Attackers are weaponising Internet of Things (IoT) devices. Botnets such as Mirai, IoTroop and Echobot have advanced in automation, improving their propagation capabilities. Mirai and IoTroop are known for spreading through IoT attacks.
- Old vulnerabilities remain a target, with many attackers targeting organisations who have not patched their systems.
South African cybersecurity stats
NTT found that reconnaissance activity was the most common form of criminal online activity in the Europe Middle-East and Africa (EMEA) region.
Other major attack types included application- and service-specific exploits, as well as attacks against content management services (CMS) platforms.
South Africa was unique in that in that 66% of cyberattacks recorded in the country over the reporting period were related to web applications.
27% of cybersecurity incidents were application-specific, and 4% of incidents were Distributed Denial of Service (DDoS) attacks.
Unlike many other countries in the EMEA region, South Africa’s top-targeted industry was insurance.
The report listed the following sectors as the most-targeted industries by hackers in South Africa:
- Insurance – 50% of attacks
- Finance – 44% of attacks
- Retail – 3% of attacks
The CMSs which were most-targeted by hackers in South Africa included Joomla! and Drupal.
Exploits against a vulnerability in Cisco ASA were also common across the EMEA region and accounted for 35% of attacks in South Africa.