Covid cyberattacks ramp up in SA under lockdown
Preying on the fear caused by Covid-19 has been the modus operandi from the start
SA has become a target for cyberattacks in the past 100 days — with 10 times the global average of growth in malware incidents — because cybercriminals view its IT systems and their users as lacking sophistication.
“Attackers view Southern Africa as a region that has less sophisticated cybersecurity and cyber awareness and thus these types of attacks are expected to work here,” says Brian Pinnock, director of sales engineering at cybersecurity company Mimecast.
Eric McGee, risk advisory Africa leader at Deloitte, says: “With the shift to remote solutions, remote desktop attacks globally have seen a massive eight- to tenfold increase.”
He attributes the increase in attacks to cybercriminals being aware that “companies are under stress to ramp up provisions with users who are not used to working remotely and are not protected by the office network”.
According to a Mimecast report, “100 Days of Coronavirus (Covid-19)”, cybercriminals have their sights set firmly on SA.
“In SA there has been a 385% increase in malware detections, as opposed to the global average of 35.16%,” says Pinnock.
He says the company's business-threat intelligence team has also seen a dramatic increase in spam (46%), impersonations (75%) and unsafe URL clicks (97%). In all of these detection categories, the figures for SA far exceed the global average during the same period.
James Bayhack, director, Sub-Saharan Africa at CM.com, says: “Every day, Gmail blocks more than 100-million phishing e-mails. In the first week of April 2020, Google reported 18-million daily malware and phishing e-mails related to Covid-19. This was in addition to more than 240-million Covid-related daily spam messages.”
Preying on the fear caused by Covid-19 has been the modus operandi from the start.
Says Pinnock: “Cybercriminals were able to adapt very quickly by spreading disinformation with the sole purpose of fuelling panic. We saw a massive increase in coronavirus-themed spoofed websites, in addition to very high spam e-mail volume. Malicious actors continued shifting their focus to prey on users' latest fears, with fake websites and e-mails initially focusing on health information and protection concerns.
“This was followed by an increase in false specials and sales for in-demand products like face masks, hand sanitiser and protective gloves. Finally they started pivoting to offering financial assistance, mimicking banking and government financial schemes, and stayed with infection-tracking lures like the now infamous Johns Hopkins Covid-19 watering-hole sites.”
These sites cloned the authoritative Johns Hopkins University online map of Covid-19 infections. Cybercriminals circulate links to the fake websites through social media or e-mails. When people go to the sites, they are directed to open an applet that can infect their device with malware that steals data such as banking information or login credentials.
Bayhack says: “One trick has been to impersonate the World Health Organisation to solicit fraudulent donations or distribute malware. Another is to capitalise on government stimulus packages and imitate government institutions to scam small businesses.”
Mimecast found that cloud-based video telephony and online chat services such as Zoom also experienced increased attacks.
The biggest cybersecurity weakness in organisations remains their users, who often unwittingly unlock the virtual security gates.
Anna Collard, MD at KnowBe4 Africa, which provides security awareness training, says cybercriminals are able to offer Zoom login details for sale not because of a Zoom vulnerability or technology problem, but because people are using the same passwords across multiple sites.
“Using a technique called 'credential stuffing', hackers try logging into Zoom using account details obtained from older data breaches. They then compile lists of any successful Zoom logins and sell them to anyone who's interested,” says Collard.
Thomas Meisinger, head of business solutions at Sanlam Personal Finance: Distribution, says training staff is imperative.
“Skipping regular antivirus updates can be detrimental to any business. It's also vital team members are kept in the know regarding the latest threats. Financial phishing e-mails can be very convincing.”