A recent cyberattack, in which South Africa was apparently among 17 countries targeted by North Korean hackers, relates to the activity of the so-called Lazarus group, according to Dr Amin Hasbini, head of Kaspersky’s global research and analysis team for the Middle East, Turkey and Africa.
Time reported on Tuesday that UN experts are investigating these cyberattacks.
According to Hasbini, this Lazarus group has been a major “threat actor” in the advanced product technology arena for several years. Kaspersky experts are tracking it closely.
Hasbini said in a statement that “alongside goals like cyber-espionage and cyber sabotage, the attacker has been targeting banks and other financial companies around the globe”.
Through their cybercriminal activities, the group have targeted a number of countries across Africa, according to Hasbini.
“Till now, there is no data about money being stolen from a South African bank through these swift attacks,” he said on Wednesday.
“This could be an indicator that no money was stolen or that, if an attack did in fact result in any loss of funds, the details have not been disclosed.”
Nobody is safe
Craig Freer, executive head of cloud and managed services at Vox, says few organisations, irrespective of their size, are safe from a cyberattack.
“With more than 350 000 new global threats emerging daily, this is an ongoing concern that must be addressed at a board level and not left being ‘relegated’ to an IT decision-maker,” says Freer.
“About 70% of SMEs that pay after a ransomware attack will close their doors within six months of the breach. Those that don’t close still suffer reputational damage, loss of data and exposed customer information that can potentially be distributed in the public domain.”
In Freer’s view, the first phase of safeguarding a business entails getting the right tools in place. A company must also ensure that employees understand the security policy and that it is tested regularly. The next phase revolves around planning for the event of a breach.
“No system is fail-safe. This means having a backup environment that mitigates the risk of losing data when ransomware or other malicious attacks occur,” says Freer.
“Sadly, most organisations do not have this in place. Best practice dictates that there need to be three copies of data, two copies being on different storage media, with one copy located off-site.”
Attacks on the rise
Freer adds that some organisations that perform backups keep them on the same server on which their other information is stored. This means that when they get hit by ransomware, they lose both their data and their contingency plan to restore it.
With cybercrime incidents on the rise, current South African laws do not effectively criminalise this kind of conduct, according to Zaakir Mohamed, director in the corporate investigations sector of the dispute resolution practice at commercial law firm Cliffe Dekker Hofmeyr (CDH).
Cybercrimes across digital banking platforms alone increased by 75% in 2018 – resulting in losses of over R262m – according to the South African Banking Risk Information Centre’s (Sabric) annual statistics, says Mohamed.
“As a result of increased internet connectivity, as well as deficient cybersecurity controls, South Africans using digital banking platforms are an obvious (and growing) target for savvy cybercriminals,” he adds.
He explains that preventing cybercrimes remains a significant priority for banks and other financial services providers.
“Cybercrime was identified as the most disruptive economic crime likely to affect organisations by respondents to the 2018 PwC Global Economic Crime and Fraud Survey. As this wave grows, progressive banks are increasingly embarking on communication campaigns that educate and promote awareness of cybercrime, empowering clients to identify incidents in order to avoid falling victim to fraudsters,” he says.
“Unfortunately, when a cybercrime is committed, victims often find themselves confused as to what to do, as well as what potential legal action is available to them.”