Businesses warned of cyber attacks

Fake links
South Africa can expect a record number of disruptive cyberattacks in 2023, similar to the attack on Transnet's operations earlier this year, warns global cyber security company Kaspersky.
Carin Smith

Next year is likely to see a record number of disruptive and destructive cyberattacks, hitting government and critical industries, including in South Africa, warns David Emm, principal security researcher at global cyber security company Kaspersky.

“Just consider the impact the Transnet attack had on the country’s economy to have an idea of the potential for disruption that these destructive attacks can have on SA,” Emm told News24.

“There will also be high-profile cyberattacks against civilian infrastructure. Energy grids or public broadcasting may also become targets, as well as underwater cables and fibre distribution hubs, which are challenging to defend.”

Kaspersky data shows that in SA, phishing is still one of the most pervasive attack methods. Common scenarios include fake business correspondence from partners, fake links for online meetings or documents, and even still, Covid-19-related emails.

ATPs

Emm regards ATPs (advanced persistent threats) as one of the biggest cyber challenges SA will face next year. ATPs are when intruders access a network and remain undetected for a long time.

These are the most sophisticated cyberattacks, and Africa is increasingly the focus region.

This method has already been used to target telecommunications companies, government data, and even non-profit organisations.

Kaspersky expects targets will be organisations in agriculture, logistics and transportation, energy - the mining, chemical, and machine tool sectors, as well as renewable energy and hi-tech.

DARK WEB

Another big threat for SA is dark web markets gaining access to corporate data.

“The average price on dark web markets and forums for access to corporate infrastructure in Africa is US$2 100. This is well below the US$4 000 global average. SA businesses need to find more effective ways of strengthening their cyber security footprint and harden data access defences,” says Emm.

Additionally, access can be gained by infecting user devices with a data stealer. Data gets stolen while users continue to work on their devices. Then the stolen data is transferred to command-and-control servers and packed in files, which are then published on dark web forums and put on sale.

In SA, more than 1.2 million user accounts were stolen this way from 2021 to 2022. – Fin24