https://www.engineeringnews.co.za

Employee hacking a growing cyber concern in South Africa

6th December 2019

By: Schalk Burger

Creamer Media Senior Deputy Editor

     


South African enterprises are subjected to an array of cyberattacks, with sophisticated, specifically targeted attacks – advanced persistent threats (APTs) – being used to break into targeted companies’ networks, says cybersecurity multinational Kaspersky Global Research and Analysis Team security researcher Dmitry Galov.

The region is starting to experience more sophisticated APT attacks. Cyberattackers, having singled out certain organisations, target average employees and high-profile decision-makers in companies – either to use them as stepping stones to set up backdoors to attack the company or to steal sensitive commercial data directly from an infected device.

“Employees at all levels are often the means through which companies are attacked by APTs,” he says.

For example, an employee may be tricked or coerced into installing a piece of malware, or managers and directors can be targeted through spear phishing. The malware will analyse the organisation’s network and information technology environment and will create backdoors that the hackers can use for the next stages of the attack.

Such threat and cyberattack vectors are often difficult to limit, although companies should use available tools and solutions, such as network monitoring and behavioural analysis, to combat them.

“The digital transformation of businesses and industries is inevitable. While this aims to improve value, it also makes companies more vulnerable to targeted cyberattacks and, with this, a loss of customer trust in the event of a breach or hack.”

Further, cyberattackers are increasingly targeting supply chains, as was the case with Operation Shadow Hammer, where threat actors attacked supply chains in order to distribute their sophisticated malware along with program updates. This particular case was investigated at the beginning of this year and presented in April during the Kaspersky Security Analyst Summit, in Singapore.

“The Shadow Hammer case illustrates the sophistication of targeted attacks where the attack remained undetected in plain sight of hundreds of thousands of installations, while targeting only very specific computers. Threat actors selected victims with surgical precision to deploy next-stage malware and exfiltrate data from devices they were interested in, while staying quiet on all the others,” he illustrates.

APTs are used to infiltrate various companies to spy on them. In most incidents, such attacks are targeted and aimed at gaining access to sensitive and confidential information that may be leveraged, and the attacks are generally for financial gain. Some attacks are opportunistic and based on information leaks or perpetrated against companies going through periods of change or turmoil. In other cases, APT attacks can be sponsored by competitors or State actors.

“The resources and backing behind some of these APT attack campaigns are significant and, in such cases, we have seen very sophisticated and targeted attacks that use many new techniques and attack vectors. We monitor these and it is always interesting to see how they are evolving and changing their means towards infection success,” Galov says.

The aims of the attacks differ: in some cases, it is States involved in cyberwars, and in other cases data is more valuable than money, but there are also splinters of these large hacking groups that attack financial organisations to steal money, as was the case with a subgroup of the large APT group, Lazarus.

“No organisation can be 100% safe from such attacks, but technical solutions, network monitoring and detection tools, security assessments of internal networks and tools to recover quickly from attacks provide a measure of protection.

“However, people still make mistakes and remain one of the major reasons that cyberattackers can get inside enterprises using such attack methods. Therefore, apart from normal cybersecurity awareness and education, threat knowledge provided for employees is a key part of cyberdefence,” says Galov.

This may seem obvious, he adds, but threat actors need only one stepping stone to get into internal networks. Therefore, enterprises should balance threat intelligence, cyberdefence tools and threat training as the price of being part of the digital world.

Edited by Martin Zhuwakinyu
Creamer Media Senior Deputy Editor
