Cybersecurity multinational Kaspersky says that, from January to April, ransomware attacks in South Africa doubled compared with the same period in 2021, and advanced persistent threats (APTs) are a growing concern in the region.

Ransomware has become the most significant cyberthreat of the times and government departments, organisations across industry sectors and individuals are all being targeted.

This growing threat requires the reprioritisation of cybersecurity countermeasures, says Kaspersky Southern African Development Community territory account manager James Gumede.

“The types of cyberattacks in the local market we are seeing impacting businesses and across different industries reinforce the need to be vigilant and educate employees on what constitutes cybersecurity best practice, especially as cybercriminals tactics and methods evolve,” he says.

Kaspersky's research also shows that governments, diplomatic entities and education institutions are increasingly being targeted by APT groups. APTs often stay undetected for months and, typically, focus on high-value targets, such as well-known companies and government departments.

“Such is the extent of this threat that South Africa has joined Nigeria and Egypt as the three most targeted countries on the continent. We have found that one of the most active threat actors in this regard is TransparentTribe.

“This group focuses on diplomatic entities, educational institutions, government departments, and the military. It uses macro-based malicious documents to penetrate organisations and universal serial buses (USBs) that can steal data from air-gap networks,” highlights Gumede.

Additionally, another group very active in South Africa is Lazarus. This threat actor focuses on stealing money and sensitive information possibly for national security purposes. It targets everyone from the military and government to telecoms and pharmaceutical organisations.

“Lazarus has a long history of being behind some of the most devastating attacks in the world that includes the Bangladesh heist in 2016. Having such an influential threat actor active in the country is cause for major concern,” he adds.

“The attack on [State-owned logistics agency] Transnet last year showed that a successful ransomware breach can stop any business dead in its tracks, and result in significant financial and reputational repercussions.

“However, for a hospital or other critical infrastructure, not being able to access data and systems could become a matter of life and death,” adds Gumede.

Tracking, analysing, interpreting and mitigating against these constantly evolving cybersecurity threats can place a massive burden on already strained company resources and it is for this reason that using an integrated threat intelligence portfolio of solutions is so critical, he says.

“By integrating up-to-the-minute threat intelligence feeds containing information on suspicious and dangerous Internet protocols, uniform resource locators and file hashes into existing security systems, security teams can inject a level of automation into the process that significantly frees up their time. This enables the organisation to improve and accelerate its incident threat response and forensic capabilities,” he says.

Using a threat intelligence solution empowers the company to prevent the exfiltration of sensitive assets and intellectual property from infected machines. Having the ability to detect infected assets quickly will help ensure the business can stay ahead of malicious threat actors, he adds.

“Threat intelligence creates an environment where the company can detect and prevent attacks like ransomware and APTs from taking place.

“Effective cybersecurity has evolved and now requires threat intelligence to be incorporated into the entire defensive footprint of a company to safeguard itself from the most significant threats facing them today,” concludes Gumede.