
Elections to intensify SA’s already dire cyber threats

By Admire Moyo, ITWeb news editor.
Johannesburg, 08 Mar 2024
Check Point’s Threat Report predicts cyber attacks are likely to escalate in SA in the run-up to the elections.

An average organisation in South Africa was targeted by 1 001 cyber attacks per week in the last six months.

This is according to cyber security firm Check Point’s Threat Report for South Africa, which reflects a gloomy cyber security landscape.

The report reveals cyber attacks are likely to escalate in SA in the run-up to the elections, with threat actors unleashing artificial intelligence (AI) deepfakes, misinformation and disinformation.

Check Point says most of the attacks target government and military organisations, which receive more than double the average number of weekly attacks.

It points out the convergence of geopolitical tensions, state-sponsored cyber activities and evolving threat landscapes poses unprecedented challenges for organisations tasked with safeguarding critical infrastructure and sensitive data.

As cyber threats continue to escalate in sophistication and frequency, Check Point urges institutions to adopt a proactive approach to cyber security to mitigate risks effectively.

“In the methodology of our research, we meticulously analysed the frequency of cyber attacks targeting organisations within SA. This analysis spans a six-month period, during which we observed an average of 1 001 attacks per week,” Issam El Haddaoui, Check Point security sales engineering manager for Africa, tells ITWeb.

“Our data source for this investigation is ThreatCloud, which aggregates reports from Check Point customers globally. This database provides comprehensive insights into the volume of attacks and the number of organisational networks under surveillance.”

He notes that by calculating the ratio of the total number of reported attacks to the total number of organisational networks, Check Point derives an average figure that represents the weekly attack rate per organisation.

Exploiting human trust

According to the report, FakeUpdates is the top malware in SA, although botnets and Trojans are also wreaking havoc.

El Haddaoui says the prevalence of FakeUpdates, also known as SocGholish, as the leading form of malware in SA and globally can be attributed to several factors, primarily its deceptive simplicity and effectiveness.

“FakeUpdates exploits a fundamental human tendency to trust and comply with software updates, disguising its malicious payloads as legitimate software update alerts. This social engineering tactic is highly effective because it leverages the routine behaviour of users prompted to update their software for security or performance improvements.”

The methodology of FakeUpdates, involving a JavaScript downloader that seamlessly writes and launches payloads, facilitates a multi-stage infection process, El Haddaoui adds.

“By initially gaining a foothold through seemingly benign update notifications, it paves the way for the deployment of a variety of additional malware threats. These can range from banking trojans like Dridex, to ransomware like DoppelPaymer and data stealers like AZORult, each capable of causing significant damage to individuals and organisations.”

The ease of dissemination and implementation are further reasons for its popularity, he says. “Since an estimated 80% of cyber attacks begin with an e-mail, the distribution of FakeUpdates via phishing campaigns offers a broad, low-cost attack vector for cyber criminals. These phishing e-mails are designed to mimic legitimate communications, increasing the likelihood of user interaction and subsequent malware infection.”

He observes that globally, the success of FakeUpdates mirrors the situation in SA, driven by the universal applicability of its deceptive approach and the global reliance on e-mail as a communication medium.

“Its ability to act as a gateway for further compromises with a range of malware types makes it a favoured tool in the cyber criminal’s arsenal. This highlights the critical importance of cyber security awareness and education, as recognising the signs of phishing and maintaining scepticism towards unsolicited software updates are key defences against such attacks.”

Check Point adds that 80% of the malicious files in SA were delivered via web in the last 30 days. The most common vulnerability exploit type in SA is information disclosure, impacting 65% of organisations.

Election integrity threat

Check Point is seeing increasing manipulation by nation states to influence the outcome of a country’s elections. This is a particular concern for SA, as general elections will be held on 29 May to elect a new National Assembly, as well as the provincial legislature in each province.

“The fact that technology is utilised to spread misinformation, and replicate voice and videos of public figures, means the potential for election fraud through the adept use of artificial intelligence and deepfake technologies, by a co-ordinated and shadowy network of scammers and hackers, who leave no digital fingerprints, is far more likely,” says El Haddaoui.

“The actions of these organisations weave a complex web of misinformation and manipulation, significantly complicating efforts to safeguard electoral integrity and maintain the public's trust in the democratic process.”

He believes the conclusion of elections might shift the immediate focus of cyber threats, moving away from politically motivated attacks to broader, more financially driven cyber crime activities.

“However, it’s important to understand that the underlying threat environment does not necessarily become ‘better’ post-elections. In fact, the landscape of cyber threats is ever-evolving, driven by the continuous advancement in technology and the increasing sophistication of cyber criminals.”

Ransomware attacks, in particular, have become a lucrative business model for cyber criminals, he notes.

“These actors exploit vulnerabilities in information systems for financial gain, targeting public and private sector entities without discrimination. The allure of ransom payments, coupled with the relative anonymity provided by crypto-currency transactions, has emboldened attackers. Furthermore, the proliferation of ransomware-as-a-service platforms allows even those with limited technical skills to launch devastating attacks.”

Of late, South African government entities have fallen victim to cyber attacks. The latest was the Companies and Intellectual Property Commission, which reported a security breach last week.

Other public sector entities to be hit recently include the Government Pensions Administration Agency, Transnet, Department of Justice and Constitutional Development, South African National Space Agency, Western Cape Provincial Parliament and Department of Defence.

The Information Regulator, this week, told ITWeb that as of January 2024, it had received 224 security compromise notifications.

Cyber vulnerabilities are indeed a pressing issue across various sectors, but the public sector stands out due to its unique challenges, El Haddaoui points out.

“With typically fewer resources allocated for cyber security compared to the private sector, combined with a significant skills shortage, public sector entities often find their defences lagging.

“This gap not only makes them prime targets for cyber attacks, but also highlights the broader issue of cyber inequality, where disparities in access to technology, expertise and funding exacerbate vulnerabilities.”

Mind the gap

El Haddaoui believes South African organisations’ cyber security preparedness is gradually improving, yet there remains a notable gap, especially in the adoption of comprehensive, advanced security strategies.

He says an effective cyber security posture requires a multi-faceted approach, combining advanced threat prevention, consolidated security management and collaborative efforts across all sectors.

“Embracing AI-powered solutions and cloud-delivered security intelligence is critical for staying ahead of evolving threats.

“Moreover, fostering a culture of security awareness and collaboration, not only within individual organisations, but also across industry and government entities, is essential for a resilient defence against cyber crime. This collaborative, intelligence-driven approach is crucial for navigating the complex landscape of cyber threats and ensuring robust cyber resilience.”
