Security 5.03.2025

Cybercriminals take aim at South Africa

South Africa has been identified as a hotspot for cybercrime in Africa, comprising 40% of all ransomware attacks and 35% of info stealer attacks on the continent.

This is according to Eset’s Threat Report for the second half of 2024.

“Despite what you see in movies, cybercriminals are very targeted,” Eset’s chief security evangelist, Tony Anscombe, told Cape Talk.

“They don’t just try to launch cyber attacks on everybody. They target where they’re going to make money. So, it would appear that South Africans’ credentials, crypto wallets, or data are exceptionally valuable to cyber criminals.”

Ransomware attacks typically involve encrypting the victim’s data and extorting them for a decryption key.

Attackers also often exfiltrate sensitive data and threaten to leak it online unless you pay.

Anscombe said that most ransomware will generally involve a human element through social engineering, giving attackers access to sensitive information.

This is an info stealer attack, where one specific individual can be targeted for their personal information, such as bank account information, or multiple people can be targeted at once, which is known as phishing.

He said that once attackers have access to this information, they will likely further their attacks by initiating a ransomware attack or using the information to access someone’s bank account.

South Africa was also found to lead other countries on the continent in terms of password-guessing attack targets and sources, email threats, trojans, and malware detections.

Password guessing involves attackers forcing their way into users’ accounts by guessing their passwords. According to the report, South Africa is one of the global hotspots from which these attacks originated.

Trojans refer to malicious software (malware) that downloads and runs other malware on a user’s device.

The maps below show the distribution of various types of cyber attacks worldwide.

Not only has South Africa featured high in the rankings in Eset’s report, but it is also listed as the second most targeted country in Africa regarding cyberattacks against political actors, according to a European Repository of Cyber Incidents (EuRepoC) study.

Its analysis found cyber attacks against political actors in Egypt to be more prevalent than in South Africa, according to its assessment criteria.

Since 2021, at least ten South African departments or related entities have become victims of cyberattacks.

In the most recent incident, a ransomware attack took down the South African Weather Service’s (SAWS’s) IT systems, including its website, emails, and aviation and marine services.

The attack was the work of the Russia-linked group RansomHub, which is known for infiltrating vulnerable systems and networks, stealing data, and encrypting files, leaving organisations locked out of their infrastructure.

Other victims of such cyberattacks include Transnet, the Department of Justice and Constitutional Development, the Department of Defence, the Department of Public Works and Infrastructure, and the Companies and Intellectual Property Commission.

Minister in the Presidency Khumbudzo Ntshavheni has acknowledged that South Africa is seeing an increase in cybercrime and cyberattacks, with ransomware being the most prevalent threat.

She said that the issue was affecting both government and private entities.

Ntshavheni maintained that the State Security Agency was aware of the constant threat of cyberattacks and was attempting to mitigate them.
