Security | 13.12.2024

Bad news about cyberattacks in South Africa

International law enforcement has warned that cybercriminals are using South Africa as a proving ground to test their attacks before deploying them worldwide.

At a recent security event organised by Orange Cyberdefense, a representative from a partnership of law enforcement agencies explained that when they started collaborating, they realised they were all looking at the same targets in South Africa.

“South Africa has become this hub for cybercriminals,” they said.

“What we’re currently seeing is that attacks are tested in South Africa, and you will find that six or seven years down the line, the same modus operandi is being executed in Brazil, Russia, or Canada.”

One example of this is SIM swap attacks, where criminals often phish or social engineer the information they need to take control of a victim’s cellphone number.

This type of attack was used in conjunction with keylogger malware, phishing attacks, and other techniques to break into people’s bank accounts.

Banks responded by moving away from SMS-delivered one-time PINs to app-based multifactor authentication.

However, even as banks addressed these security issues, OTPs remained in use worldwide — including by major platforms like YouTube and Twitter.

Years after SIM swaps first started plaguing South Africa, the attack was exported and employed to great effect against people in the United States, Canada, and elsewhere.

A new form of attack that has emerged in South Africa involves criminals stealing people’s phones and then bypassing biometric authentication to get into their bank accounts.

Many of these attacks emerge in South Africa because criminal syndicates have taken up residence here, including the notorious Black Axe gang.

The Black Axe hails from Nigeria and traces its roots to a student liberation movement. However, it has since evolved into a cult-like mafia that has progressed from cyber fraud to dealing in drugs and human trafficking.

According to Interpol, Black Axe and associated groups are responsible for the majority of the world’s cyber-enabled financial fraud.

Several high-ranking members of the group moved their base of operations to South Africa because of the infrastructure and comfort available in the country.

These include the country’s robust internet infrastructure, relatively affordable cost of living, and a perception of law enforcement’s lack of cybersecurity expertise.

South Africa’s unique circumstances have unfortunately made it a hub for cybercriminal activity, with a direct impact on global cybersecurity trends.

Thankfully, the syndicates have not been allowed to operate in South Africa with impunity.

One major success story in tackling the Black Axe was Operation Jackal, an international crackdown coordinated by Interpol in 2022.

The joint law enforcement effort mobilised agencies in 21 countries across the world in a targeted strike against Black Axe and related West African organised crime groups.

It was the first time Interpol coordinated a global operation specifically against Black Axe, which it said was rapidly becoming a major global security threat.

While only two suspects were arrested in South Africa, these were high-level figures in the organisation who were wanted for online scams that extracted $1.8 million (R32.7 million) from victims.

Globally, there were 75 arrests, 49 property searches, and millions intercepted in bank accounts.
