Ransomware attacks increase; APTs a long-term threat to South Africa
Cybersecurity multinational Kaspersky says that, from January to April, ransomware attacks in South Africa doubled compared with the same period in 2021, and advanced persistent threats (APTs) are a growing concern in the region.
Ransomware has become the most significant cyberthreat of the times, and government departments, organisations across industry sectors and individuals are all being targeted.
This growing threat requires the reprioritisation of cybersecurity countermeasures, says Kaspersky Southern African Development Community territory account manager James Gumede.
“The types of cyberattacks in the local market we are seeing impacting businesses and across different industries reinforce the need to be vigilant and educate employees on what constitutes cybersecurity best practice, especially as cybercriminals' tactics and methods evolve,” he says.
Kaspersky's research also shows that governments, diplomatic entities and education institutions are increasingly being targeted by APT groups. APTs often stay undetected for months and, typically, focus on high-value targets, such as well-known companies and government departments.
“Such is the extent of this threat that South Africa has joined Nigeria and Egypt as the three most targeted countries on the continent. We have found that one of the most active threat actors in this regard is TransparentTribe.
“This group focuses on diplomatic entities, educational institutions, government departments, and the military. It uses macro-based malicious documents to penetrate organisations and universal serial buses (USBs) that can steal data from air-gap networks,” highlights Gumede.
Another group that is very active in South Africa is Lazarus. This threat actor focuses on stealing money and sensitive information, possibly for national security purposes. It targets everyone from the military and government to telecoms and pharmaceutical organisations.
“Lazarus has a long history of being behind some of the most devastating attacks in the world that includes the Bangladesh heist in 2016. Having such an influential threat actor active in the country is cause for major concern,” he adds.
“The attack on [State-owned logistics agency] Transnet last year showed that a successful ransomware breach can stop any business dead in its tracks, and result in significant financial and reputational repercussions.
“However, for a hospital or other critical infrastructure, not being able to access data and systems could become a matter of life and death,” adds Gumede.
Tracking, analysing, interpreting and mitigating these constantly evolving cybersecurity threats can place a massive burden on already strained company resources, and it is for this reason that using an integrated threat intelligence portfolio of solutions is so critical, he says.
“By integrating up-to-the-minute threat intelligence feeds containing information on suspicious and dangerous Internet protocols, uniform resource locators and file hashes into existing security systems, security teams can inject a level of automation into the process that significantly frees up their time. This enables the organisation to improve and accelerate its incident threat response and forensic capabilities,” he says.
Using a threat intelligence solution empowers the company to prevent the exfiltration of sensitive assets and intellectual property from infected machines. Having the ability to detect infected assets quickly will help ensure the business can stay ahead of malicious threat actors, he adds.
“Threat intelligence creates an environment where the company can detect and prevent attacks like ransomware and APTs from taking place.
“Effective cybersecurity has evolved and now requires threat intelligence to be incorporated into the entire defensive footprint of a company to safeguard itself from the most significant threats facing them today,” concludes Gumede.