Biggest cyber threat to South African businesses
South Africa is becoming a hotspot for cybercriminals, with Business Email Compromise (BEC) and ransomware attacks posing significant threats to the country’s businesses.
This is according to Charl van der Walt, the head of security research at Orange Cyberdefense, who told MyBroadband that South African businesses also face unique local threats.
“South African businesses are technically indistinguishable from other businesses worldwide, so the technical threats and the vulnerabilities that lead to them are very similar,” he said.
These include phishing, unpatched vulnerabilities, and credential stuffing through leaked, weak, or cracked passwords.
“Using these access vectors, two major global cybercrimes impact South African businesses also, namely Business Email Compromise (BEC) and ransomware,” said Van der Walt.
“Both of these crimes have the double advantage of being technically simple to perpetrate and offering criminals direct access to money without having to perform other complex tasks.”
He noted that South African businesses face a unique challenge: the deployment of malicious insiders within businesses to perform fraud.
“Payment fraud, which involves unauthorised access to someone’s online account to make fraudulent transactions, is a common example of this,” added Van der Walt.
He said some attack vectors, such as SIM swaps, are arguably more common in South Africa than elsewhere in the world.
Van der Walt highlighted three aspects of cybersecurity that are concerning in a South African context.
Firstly, Orange Cyberdefense expects ransomware attacks to increase in South Africa, a trend that has already started.
“We observed a 100% increase in cyber extortion victims in Africa over the last 12 months, most of which were in South Africa,” said Van der Walt.
“As a growing and modernising English-speaking economy, we expect this form of crime to grow faster in South Africa than the average, which is already a concerning 77% year-over-year.”
Orange Cyberdefense is highly concerned about single ransomware attacks on the government, state-owned enterprises, state agencies, and public-benefit organisations.
It says attacks on these organisations can be catastrophic.
“We observed attacks on Costa Rica having this kind of impact in 2022, and the recent incident involving the National Health Laboratory Service (NHLS) serves as a chilling reminder that we as a country are vulnerable in this way also,” said Van der Walt.
While the attack on the NHLS impacted health services and personal well-being, similar attacks on other entities could impact tax and financial services, law enforcement, the courts, contractors, the reserve bank, and the stock exchange.
These are all crucial services that would hamstring the country if disrupted in the way the NHLS was.
“Finally, we note that small businesses are more than four times more likely to fall victim to crimes like ransomware than medium and large businesses,” said Van der Walt.
This is because these businesses have fewer security resources and find it more challenging to pay a ransom or recover from such an incident.
“There is a real risk that these small businesses, who are nevertheless still dependent on IT, are lost in the noise when we talk about the cyber threat,” he added.
Orange Cyberdefense managing director for South Africa, Dominic White, told MyBroadband that the country needs state-level and multi-country collective action against cyber extortion gangs.
However, South Africa’s current political standing is making it difficult to work with international law enforcement.
“The countries with a strong focus on the threat actors behind ransomware are US, Australia, Netherlands and some others i.e. the US and European ‘western’ law enforcement,” said White.
“Since the Russian invasion of Ukraine and the growing tensions with China, our BRICS alignment and government’s confusing public statements, there’s less willingness to work with us from those agencies.”
According to the European Repository of Cyber Incidents (EuRepoC), South Africa is the second-most targeted country in Africa regarding cyberattacks on political actors.
The EuRepoC is an independent research consortium and a database of cyber incidents worldwide. According to its data, Egypt is the most targeted African country, with 29 attacks since 2000.
Over the same period, South Africa has had 21 cyberattacks. However, EuRepoC only includes attacks that meet specific criteria, such as violating the CIA triad (confidentiality, integrity, and availability) of information security.
The attack must also have been publicly reported, have a political dimension, or be against critical infrastructure.
Therefore, the EuRepoC says some cyber incidents are consciously cut from its data when they affect major stakeholders but aren’t specifically addressed by political actors.