Trend Micro’s biannual cybersecurity report finds that South Africa is a playground for cybersecurity criminals, ranking in the top 30 most targeted countries for malware attacks and top 20 for Covid-19-related email threats.
Zaheer Ebrahim, cyber security consultant at Trend Micro, examines South Africa’s vulnerabilities to encourage increased cybersecurity defence measures amidst a 47% year-on-year increase in cyber threats globally.
The Attacks From All Angles 2021 Mid-year Cybersecurity Report by Trend Micro highlighted a 47% year-on-year increase in email threats as well as malicious files and URLs in the first quarter of 2021 globally.
The research identified vulnerabilities across various device types and operating systems, illustrating an increasing need for a holistic and scalable cybersecurity solution at government, organisational and individual level that covers all angles of their security needs.
South Africa’s technology landscape is almost identical to that of other countries, which has seen black hat hackers using it as a testing ground for cybersecurity attacks before these are launched on their intended end-users, said Ebrahim.
Globally, ransomware remained the standout threat in the first half of the year. The pandemic has highlighted how easy it is to buy ransomware as a service (Raas) on the dark web, the expert said.
Africa accounted for 1.7% of these attacks, with 1.05% being targeted at South Africa. “Our findings show that locally, South Africa was in the top 30 countries in the world (#27) to be targeted by malware attacks, and in the top 20 (#19) to fall victim to email threats related to Covid-19,” said Ebrahim.
The latter was also off the back of a 4% global increase in Business Email Compromise (BEC) attacks.
Until recently, cybersecurity was considered a rather expensive operational cost by many South African companies, however the rise in security breaches has highlighted the value of its cost- and time-saving capabilities.
Trend Micro said that cybersecurity spend among its customer base in South Africa has increased by between 30-40% year-on-year, alongside an uptick in new customers.
“We expect to see the maturity of these customers increase sharply in the coming year because it’s no longer a case of if you are going to fall victim to cybersecurity breaches, but rather a case of when.
“Pre-pandemic, when most of the workforce was office-based, it was easier to secure endpoints and a company’s data centre. Traditional perimeter security has disappeared. It is now found wherever your workforce is located – at their homes, in hotel rooms, coffee shops or coworking spaces.”
Now, said Ebrahim, the task requires moving workloads to the cloud and securing every employee, their homes and personal mobile devices, all of which have become companies’ new data centres.
This has seen Virtual Private Networks (VPN) usage reached an all-time high in 2020. “However, this sudden shift to the cloud and global reliance on VPNs has also seen an increase in phishing emails that appear to come from IT asking for admin login credentials, fake installers embedded within malware and malicious link baiting.”
The transition from on-premise to cloud-based working platforms has made virtual patching invaluable, and yet it remains a very big challenge within the South African context that requires urgent attention.
“Much like a plaster that is placed over a wound, virtual patching allows the cybersecurity team to secure the company’s identified vulnerabilities, while the COS team restarts their servers and machines post update,” said Ebrahim.
As cybersecurity threats continue to increase in frequency and sophistication, Security Operations Center (SOC) teams must streamline their security processes without sacrificing reliability. One way to do that is through Endpoint Detection and Response (EDR), which continually monitors and responds to mitigate cyber threats.
Ebrahim said that EDR acts like a CCTV camera that records all the activities that occur at an endpoint. While it might not be able to prevent a cybersecurity threat, it can playback the breach to strengthen cybersecurity retrospectively and secure any vulnerabilities from future attacks.
Another approach is the Zero Trust model, which recognises that trust may be a vulnerability. It only authorises selective access to employees and devices based on the least required access that is needed to perform tasks to prevent cybersecurity threats.
All of these measures are supported by the findings of the biannual research report which allows Trend Micro to utilise data in conjunction with machine learning, artificial intelligence, big data analytics, and third party threat intelligence to mitigate current and future cybersecurity risks by threat hunting more efficiently.
“It is vital to consider the people, process and technology trifactor upon which cybersecurity is built. Despite having access to the latest cybersecurity technologies and an internal COS team that is supported by a third party cybersecurity suppliers, buy in and know-how from the employees within the organisation is key.”
Types of scams to avoid
According to the recently released SABRIC Annual Crime Statistics 2020, social engineering (phishing, vishing and SMishing) continue to be the primary method employed by criminals when targeting victims across digital channels.
Below are some of the different types of online scams, and what the public should look out for to avoid becoming a victim. These scams are usually mentioned separately, but they are often used together.
Being aware of these is the first step toward keeping your money safe, said Ebrahim.
Phishing
This is one of the best-known fraud techniques. Phishing emails and SMSs are cleverly disguised to look like they’re from a legitimate organisation. This communication is designed to mislead people using convincing but fabricated information to manipulate them into clicking on a link or opening an attachment.
- Never click on email links – even if they contain concerning information (such as a blacklisting, fraud on your account, etc.). Address your concerns with the organisation directly.
- If the email claims to be from your bank, type in the URL (Uniform Resource Locator or domain names) for your bank in the internet browser if you need to access your bank’s webpage. Check that you are on the authentic/real site before entering any personal information.
- If you did perhaps click on a suspicious link and think that your device might have been compromised, contact your bank immediately.
- Create complicated passwords that are not easy to decipher and change them often.
Vishing
This occurs when a fraudster phones a victim posing as an official from a bank or insurance company, for example, to get personal and confidential information with the intent to defraud someone.
- Banks will never ask you to confirm your confidential information over the phone.
- If you receive a phone call requesting confidential or personal information, do not respond and end the call.
- Not all vishing calls come from unknown numbers. Often, the numbers will look legitimate. Rather call your bank back directly – on a number that you know is theirs.
- If you receive an OTP – and have not transacted yourself – make sure that you report it to your bank immediately.
SMishing
Also known as SMS Phishing, SMishing occurs when victims receive SMSs requesting personal information or confirmation via a link click in the SMS. Clicking on the link could lead install malware on your device, such as ransomware or spyware or open a spoof (fake) website that looks like your bank’s website or other legitimate organisation.
- Take a closer look and scrutinise an SMS before you act on it. Don’t click on links or icons, and don’t believe the content of the SMS. Using threats such as blacklisting is a tactic to get people to react, and, if you are concerned, contact the company mentioned independently.
- Never reply to a SMishing SMS – delete it immediately.
- Don’t store your credit card or banking information on your smartphone in case malware is installed on your phone.
Business Email Compromise
This occurs when a criminal illegally accesses an email account and communicates as though they are the actual user. Criminals do this by stealing the account holders personal and confidential information through phishing and other means.
Make sure your PC has the most up-to-date OS updates and antivirus software.
- Use a strong password for your email account, one that is at least six characters long, with a combination of letters, numbers, and capitals/lowercase.
- Never list your main email address publicly anywhere online. Use a separate email address for the internet which is not linked to your personal or business email account.
- Don’t use public computers to check email; there’s virtually no way to know if they have been accidentally infected with malware or have had keylogging spyware installed intentionally.
Identity Theft
Identity theft is a combination of personal information – such as your passport or ID document – as well as confidential information such as a PIN, to assume your identity and defraud you.
- Check your bank statements regularly.
- Do not use any information that may have been compromised.
- Register for SMS notifications to alert you when products and accounts are accessed.
- Conduct regular credit checks to verify whether someone has applied for credit using your personal information and if so, advise the credit grantor immediately.
“While these are just a few of the many scams that are out there, it is important – especially in this age where we are spending more and more time online – to be more vigilant and aware of how to avoid being a victim of cybercrime,” said Ebrahim.
Read: Beware these scams and crimes on the rise in South Africa
