'Almost certain that organised criminal group' behind wave of cyberattacks in SA
SA experienced the single longest running cyberattack campaign monitored around the world by e-mail and data security company Mimecast between July and September.
“It is almost certain that an organised criminal group or APT [Advanced Persistent Threat group] carried out these campaigns, given the resources and effort it would require to sustain this level of determined attack over this lengthy period,” the firm said in its quarterly Threat Intelligence Report on Wednesday.
“SA experienced the single longest running campaign from July 8 to 15 2019 in any region during this quarter; the campaign employed a complex and varying array of generic Trojans, significant threats, exploits and file types.”
The financial sector suffered the brunt of the attacks.
“Threat actors seek numerous ways into an organisation — from using sophisticated tactics, like voice phishing and domain spoofing, to simple attacks like spam,” said Josh Douglas, vice-president of threat intelligence at Mimecast. “This quarter’s research found that the majority of threats were simple, sheer volume attacks. Easy to execute, but not as easy to protect against as it shines a very bright light on the role human error could play in an organisation’s vulnerability.”
The SA Banking Risk Information Centre (Sabric) confirmed in October that the banking industry had been hit by a wave of ransom-driven distributed denial-of-service (DDoS) attacks. BusinessLIVE reported that the City of Johannesburg also reported a breach of its network around the same time, which shut down its website and all e-services. The city was sent a bitcoin ransom note from a group called the Shadow Kill Hackers.
Key findings of the Mimecast quarterly report included:
The majority of attacks were less sophisticated, high-volume attacks — due to the ease of access for any individual to launch an attack and employees clicking on malicious links.
ZIP files accounted for 34% of file compression format attacks — consistently the most detected format due to reliance on human error.
Researchers detected a complex range of malware, some of which had been around for many years, in addition to new threats. Malware threats were increasingly automated.
Top sectors targeted during the quarter were transportation, storage and delivery, banking and legal.