Security | 12.07.2024

South Africa suffering under political hacking onslaught

South Africa is the second most targeted country in Africa by cyberattacks aimed at political actors, according to the European Repository of Cyber Incidents (EuRepoC).

EuRepoC, an independent research consortium and database of cyber incidents, lists Egypt as having 29 cyber-attacks and South Africa 21 since 2000.

It tracks and reports trends in the global cyber threat environment by processing information from public reports of cyber incidents.

Although South Africa has experienced more than 21 cyber-attacks since 2000, the repository only includes those that fit specific criteria.

The first is that it must violate the CIA triad of information security.

This model, used to guide security policy, holds that all information within an organisation must stay confidential, keep its integrity by remaining uncorrupted, and be readily available to its users.

The rest of the criteria are that it must have been publicly reported, have a political dimension, or be against critical infrastructure.

“This means that some cyber incidents are consciously cut out when they concern specific stakeholders but are not addressed particularly by political actors,” EuRepoC says.

Attacks against critical infrastructure have only been recorded since 2023.

Most cyber incidents recorded have been disruption attacks that negatively impact the functioning of the targeted system, such as a DDoS attack. Twelve of these have been recorded.

This is followed by hijacking with misuse, which refers to when the attacker takes over the attacked system and gains deeper administrative rights.

Other attacks, such as data theft, ransomware, data theft and doxing, and hijacking without misuse, have been less common.

Although not typical, ransomware attacks have had the most intense effects on the systems they have targeted, according to EuRepoC.

The average intensity of attacks in South Africa is 2.62 out of 15. Each attack’s physical effects and socio-political severity determine its intensity.

EuRepoC also points out that most attacks on South Africa that can be attributed to another country have come from Morocco, which accounts for three of the 21 incidents on its list. Russia, Iran, and China are the next most common sources.

Corporate entities were found to be the most frequently targeted.

Of the incidents recorded, only one has had a political or legal response.

This was the most recent attack South Africa has experienced, orchestrated by BlackSuit on the National Health Laboratory Service (NHLS) on 22 June 2024.

Number of cyber incidents in South Africa between 1 January 2000 and 10 July 2024

Multiple attacks have occurred that do not fit the criteria for EuRepoC’s database, one of which has cost the country R300 million over the past ten years.

Cybercriminals stole at least R300 million from South African taxpayers over the past ten years due to security flaws at the Department of Public Works and Infrastructure.

This is according to new public works minister Dean Macpherson, who disclosed the issue in a statement on Wednesday.

Macpherson said insiders may have been involved, describing the decade-long heist as “an elaborate scheme by cyber-hackers, and potentially officials within the department.”

The minister said it was unthinkable that this had gone on for so long without being noticed.

“To build trust with South Africans, we must be transparent about the problems we face,” said Macpherson.

“We will ensure that financial controls are tightened, and we hold those responsible accountable for their actions.”

The issue was discovered thanks to an incident in May 2024, when attackers made off with another R24 million.

This prompted a full forensic investigation by the Hawks, South African Police Services, State Security Agency, and ICT and cyber security experts.

Details of the incident emerged when Macpherson and deputy minister Sihle Zikalala conducted detailed assessments of the department’s work and through the incoming briefings from department branches.

Four officials have been suspended, and investigators have seized 30 laptops.

The four suspended public works officials include three in senior management and one middle manager.

The department said it was forced to shut down all its payment systems, causing significant delays in the payment of its creditors.
