South Africa faces national shutdown of IT infrastructure, warns DA
DA shadow minister of public enterprises Ghaleb Cachalia has warned that South Africa could face a national shutdown on its Information Technology (IT) infrastructure following the Transnet hack.
Last week, Transnet suffered a cyberattack which caused disruptions on its IT applications and brought some of its operations to a halt.
Transnet employees were asked to shut down their laptops, desktops, and tablets connected to the company’s domain following the attack.
Transnet also warned employees not to access emails on their smartphones until further notice.
Transnet Port Terminals (TPT) declared a force majeure this week because of what it described as a “cyber-attack, security intrusion and sabotage” on Transnet.
“Investigators are currently determining the exact source of the cause of compromise and extent of the ICT data security breach/sabotage,” TPT said.
Cachalia said Transnet’s declaration of force majeure across all its container terminals confirmed that this was an industrial scale breach meant to cause maximum damage.
He warned that the damage has the potential to spill over into other key areas.
“Transnet’s IT systems are interconnected with SARS and Customs, and the cumulative effect has the potential to paralyse economic activity,” Cachalia said.
The DA has asked Transnet for information about the extent and effect of the cyberattack and what it is doing to mitigate its effects but has not received feedback yet.
“A failure to isolate the origin of the cyberattack creates a host of imponderables, most notably, the extent to which the perpetrators are prepared to go,” said Cachalia.
“Now that they have successfully crippled our ports, there is no telling which vital national function they will attack next.”
He also complained about a lack of feedback about the attack from the Minister of Public Enterprises Pravin Gordhan
“The Cabinet’s dysfunctionality is evidenced by the responsible ministers’ inability to comment or act in the face of an attack on the country’s economic and logistical spine,” said Cachalia.
He said it is becoming increasingly clear that the crippling cyberattack on Transnet’s IT infrastructure was an act of sabotage potentially carried out by the perpetrators of the insurrection.
“The cyberattack is consistent with the insurrection’s modus operandi which targeted transport and logistics infrastructure,” he said.
The insurrectionists first targeted Durban’s major transport artery, the N3. Their intention was to disrupt supply chains, cause food shortages, and whip up public anger.
They then turned their attention to the business sector by sponsoring the industrial scale rioting and looting in Gauteng and KwaZulu-Natal.
“They forced Transnet to declare a force majeure on the Natcor rail line that connects Gauteng and KwaZulu-Natal,” Cachalia said.
It’s clear that after failing to achieve their objectives through these two acts of sabotage, the next logical step would be to cripple the Transnet port system.
“Law enforcement agencies and prosecuting authorities should not waste their time looking for cyber terrorists outside our borders. They are in the country, and they may have been the architects of the failed insurrection,” Cachalia said.
Based on a report by eNCA journalist Sli Masikane, the attack on Transnet appears to be a standard ransomware attack such as those that have shut down a major pipeline in the United States and healthcare infrastructure in Ireland.
The ransomware note Masikane posted on Twitter is consistent with a note linked to a newer ransomware variant first disclosed by Crowdstrike in June.
MyBroadband tried to contact Transnet for details about the cyberattack, but we could not reach the company.