In recent times cybercrime has become very prevalent in South Africa, particularly during the COVID-19 pandemic. When the national lockdown started and many people suddenly had to work from home, the focus of hackers shifted from email attacks to online attacks, according to the global cyber security firm Kaspersky.
Between February and March 2020 there was a decrease in the volume of ransomware attacks relative to more specifically targeted ransomware attacks. Ransomware is usually deployed by exploiting online servers or weak passwords.
“Whereas network attacks used to be through methods like phishing emails, they now scan the internet for South Africa looking for vulnerable servers that are exposed,” says Maher Yamout, senior security researcher at Kaspersky.
At the same time, phishing emails and social engineering are still being used, and email threats in SA increased by 56% between April and May 2020.[1]
In a recent report, iDefense, an Accenture security intelligence company, identified and compiled trends and information regarding cybercrime in South Africa.[2]
A disturbing fact from this report is that South Africa has the third-highest number of cybercrime victims worldwide, losing approximately R2.2 billion a year to cyber-attacks.
From this report the following reasons were identified for South Africa becoming such an attractive target for cybercrime:
- Lack of investment in cyber security. Not all businesses have sufficient funds to make provision for cyber security and there also may be shortages of trained cybersecurity practitioners. Other reasons for the lack of investment in cybersecurity may purely be through choice, inexperience of internet users, and poor public knowledge.
- Developing cybercrime legislation and law enforcement training. The Cyber Crimes Bill was only adopted in January 2020. The legislation empowers our police to act against cybercrimes, but lack of training will cause issues.
- Poor public knowledge of cyber threats. iDefense found that South African Internet users are inexperienced and less technically alert than users in other nations.
- The use of shadow IT. The use of applications and infrastructure without the knowledge of a company’s IT department is prevalent in South Africa.
- Threat actors are taking notice. iDefense found that from 2016 there has been a greater interest in South Africa from the criminal underground.
Examples of Cyber-attacks:
A client of an FSP gave them a written mandate to invest money with Investec Bank on his behalf. The written mandate stipulated that all instructions had to be sent by fax or by email with the client’s signature. The money was to be invested in a Corporate Cash Manager (CCM) account in the name of the client.
Criminals hacked the Gmail account of the client and utilising his authentic email credentials, sent emails to the FSP. In the emails the FSP was instructed to transfer money to accounts of third parties. The FSP acted on these instructions and paid out a total of R804 000 from the client’s CCM account to unknown third parties.
The court a quo and the high court of appeal found in favour of the client as the mandate required a ‘signature’ which in everyday and commercial context serves as authentication and verification. The instruction was not accompanied by such a signature and the courts held that the funds were transferred without proper instructions and contrary to the mandate.[3]
In another matter an attorney was holding funds in his trust account on behalf of his client. The attorney received emails from the email address of the client. In the email the attorney was informed of the client’s new banking details with further instruction to pay funds into various bank accounts. The attorney paid the funds without verifying the new banking details with the client. It was later found that the client’s email account was hacked, and the hackers provided the details of their own bank accounts. The court found the attorney was negligent and liable for the loss of the client.[4]
What measures can one take to avoid becoming a victim of such crimes?
According to the iDefense report the following measures should be taken:
- Make use of security and threat intelligence. Use information to understand threats and better use resources against anticipated attacks.
- Prioritise protecting against people-based attacks. Organisations need to place greater emphasis on nurturing a security-first culture. Training and education are essential to reinforcing safe behaviours, both for people within and outside an organisation – in other words, educate staff and clients alike.
- Focus on compliance. When business tools and services are installed and configured correctly, data compliance follows automatically.
- Put measures and procedures in place for post-breach incidents.
How do you know you have been hacked? Some clues that you might have been hacked:
- Your anti-virus program generates an alert that your system is infected. Make sure it is your anti-virus software generating the alert, and not a pop-up window from a website trying to fool you into calling a number or installing something else.
- You get a pop-up window saying your computer has been encrypted and you have to pay a ransom to get your files back.
- Your browser is taking you to all sorts of websites that you did not want to go to.
- Your computer or applications are constantly crashing or there are icons for unknown apps or strange windows popping up.
- Your password no longer works even though you know it is correct.
- Friends ask you why you are spamming them with emails that you know you never sent.
- There are charges to your credit card or withdrawals from your bank account you never made.
If you suspect you have been hacked, the sooner you act the better. If the hack is work related, do not try to fix the problem yourself; instead, report it immediately.[5]
It would also be advisable to investigate cybersecurity insurance to protect you from the effects of online attacks.
Santho Mohapeloa, Digital Distribution Specialist at SHA Specialist Underwriters, notes that cybercrime has become the top risk for small and medium-sized enterprises (SMEs). “Having insurance that covers an SME’s cyber, privacy and reputational risks and liabilities, has now become just as vital as insuring against fire or theft. Business owners need to start viewing these types of policies as standard requirements for any venture. Cyber-attacks are after all just another form of theft”.[6]
South Africa has a Cybersecurity Hub that can be accessed at https://www.cybersecurityhub.gov.za/. The Cybersecurity Hub provides information that creates awareness on cybersecurity as well as information that encourages South African citizens and organisations to be secure online. Cybercrime incidents can also be reported through the Cybersecurity Hub.
Given that cybercrime is an increasing problem and arguably a threat that will endure into the future, the insurability of cyber risks needs to be emphasised. Businesses need to prioritise this, because a business that overlooks this need acts at its own peril. For instance, an FSP will be exposed to incurring various liability costs and also regulatory fines and penalties due to data breaches. Most detrimental would be the reality of having to recover financially from reputational harm.[7]
[1] https://www.news24.com/fin24/companies/ict/cybercriminals-change-tack-in-sa-use-more-ransomware-during-lockdown-20200613
[2] INSIGHT INTO THE CYBERTHREAT LANDSCAPE IN SOUTH AFRICA – Accenture
[3] GLOBAL & LOCAL INVESTMENTS ADVISORS (PTY) LTD v NICKOLAUS LUDICK FOUCHÉ (Case No: 71/2019)
[4] FOURIE V VAN DER SPUY AND DE JONGH INC. (Case no: 65609/2019)
[5] https://www.sans.org/security-awareness-training/resources/am-i-hacked
[6] https://www.iol.co.za/business-report/economy/why-cyber-insurance-should-be-first-priority-for-smes-18315002
[7] Mpuru, L & Kgoale, C. Cybercrime – Biggest cybercrime threats in future. Servamus, Oct 2019