Biggest cyber threats in South Africa

The head of security research at Orange Cyberdefense, Charl van der Walt, says geopolitical dynamics and their intersection with cybercriminals’ activities could increase the frequency of cyber incidents in South Africa.
He explained that cybercrime groups, particularly those involved in double extortion, operate with strong ties to the Russian geopolitical sphere.
“These cyber criminals operate in a symbiotic relationship with the Russian state. The Russian state enjoys the idea that these criminals are sowing discord, increasing friction, raising costs, and generally being disruptive in the West,” Van der Walt told MyBroadband.
“In return, those criminals are very often protected. If not supported, then at least protected by the Russian state.”
He added that they effectively operate in a consequence-free environment provided they maintain healthy relationships with the Russian state.
In return, these cybercriminal groups don’t target Russian businesses.
“There’s a little bit of quid pro quo. You know, you scratch our backs, we’ll scratch yours,” said Van der Walt.
Therefore, there is a political dimension to these cybercriminal activities.
“If South Africa finds itself on the wrong end of the politics, it may also find itself on the wrong side of crime,” said Van der Walt.
“The corollary is also true. If South Africa finds itself on the wrong end of the politics, it may find itself on the wrong end of the law enforcement value chain.”
He provided the example of US Secret Service agents operating in South Africa to fight organised crime, including cybercrime.
“So we benefit from the governance and the protection provided by the US and Europe,” said Van der Walt.
“If we find ourselves on the wrong end of politics, then you might find those sorts of capabilities also fail.”
He described South Africa’s position as being “politically quite vulnerable”.
This political vulnerability could mean that cybercrime with political elements could spread to South Africa.
Threat groups South Africans should know

Van der Walt also highlighted two other types of threat groups, of which South Africans and businesses in the country should be aware.
These include state-backed coercion campaigns and state-aligned activists.
The former is when a foreign state uses either technical hacking, social media influence, mis- and disinformation, or a combination of these approaches to shape perceptions and influence politics.
“It’s happening all the time everywhere, and I think it’s happening a lot elsewhere in Africa,” said Van der Walt.
“We need to ask ourselves how resilient we are in the face of that sort of effort.”
He explained that it could include hack-and-leak approaches to shape the narrative, and Volt Typhoon-type campaigns where critical infrastructure is penetrated to coerce governments or decision-makers.
“I think as tensions escalate between Russia, America, and China, and Africa finds itself in the middle of those powers, we should anticipate those types of campaigns becoming a reality here,” Van der Walt stated.
Regarding state-aligned activism, also known as hacktivism, he explained that the threat class has been escalating since around 2022.
“It’s not state actors. They’re also not criminal actors, but they have a decidedly ideological drive,” he said.
“They have a cause, and that cause is political.”
He provided the example of pro-Russian activists in Europe running DDoS campaigns and hack-and-leak campaigns, supported by political messaging that follows all of their work.
“What they’re trying to do is sow discord and shape the narrative in the countries they target,” said Van der Walt.
“They’re not interested in specific businesses, they’re interested in demographics.”
Orange Cyberdefense believes that South Africa should work towards a “state of safety” in which residents and businesses can operate.
“Feeling safe means you can trust the technology and the platforms you use. You can be confident about the news you get. You can believe what you see and hear,” said Van der Walt.
“When a society doesn’t have this feeling of safety, it starts to misfire.”
He gave the example of a news report stating that planes are falling out of the sky.
“You don’t want to be on an aeroplane. Doesn’t matter whose aeroplane it is,” he said.
“If we don’t trust our digital platforms, then you know an economy and a society start to misfire.”
Van der Walt said security is becoming more about building and maintaining a state of trust between societies, economies, and the technologies that they depend on.
“Anything that threatens that, I think, can have potentially more damaging implications than just a breach of a company,” he added.