Hackers Hit 300,000+ Devices In South Africa In 1 Week As More People Work From Home
As the COVID-19 pandemic and consequent lockdown pushes more people to work remotely with relatively less secure devices, cybercriminals smell blood in South Africa.
According to findings from global cybersecurity company, Kaspersky, there was a major spike in network attacks in South Africa between 15-21 March.
According to the company’s statistics, hackers attacked up to 310,000 devices during that 1-week period, by far outstripping the weekly average of 20,000 to 30,000.
With millions of people working from home, it appears hackers have increased attacks on IT networks. With people accessing corporate networks remotely and possibly from less secure devices, hackers think they have a golden opportunity to exploit.
Indeed, the U.S. Health and Human Services Department has recorded at least one such attack since the outbreak of the novel coronavirus. However, in South Africa, hundreds of thousands of devices have been targeted in recent cyberattacks.
The plan is to break into these systems, gain control over them and compromise sensitive data. At least a third of hacking attempts in South Africa involved brute force to hack passwords, according to Kaspersky.
As MyBroadband reports, Maher Yamout, Senior Security Researcher for the Global Research and Analysis Team at Kaspersky said:
“The region is seeing an increase in attempts to break into the organisations systems to establish control over them, sabotage their work, or access sensitive information.”
Yamout also highlighted that the peak in South African cyberattacks coincided with an increase in remote working in South Africa.
“Remote working provides cybercriminals a prime opportunity to target devices, especially those that don’t necessarily have adequate IT security measures in place,” said Yamout.
“Such a spike recorded, although temporary, leads us to believe that cybercriminals have keenly been focused on the region given the current circumstances.”
And there might be some truth in that as South Africa have had more than a few run-ins with ‘men of the underworld of the internet’ in recent times.
In October 2019, the website of the City of Johannesburg suffered a ransomware attack for the second time in four months. Both attacks were carried out by the same hackers who demanded a ransom payment of 4 Bitcoin (USD 30 K at the time). They had threatened to publicise sensitive data if their demands aren’t met.
In the same month, a number of web hosting companies in South Africa suffered a distributed denial of service (DDoS) attack. The South African Banking Risk Information Centre (SABRIC) said another wave of DDoS attacks affected multiple banks.
Cyber attacks in South Africa have continued in 2020. In February, state-owned power company, Eskom, acknowledged a malware infection and possible data leak. In another attack, Nedbank, one of the country’s biggest banks, suffered a data breach affecting 1.7 million customers.
These attacks compromised corporate networks. But with the outbreak of COVID-19, people are remotely accessing these networks. Hackers are prioritising attacks against people’s devices and software with the hope that they are insecure or lax about basic security.
Tips on how to protect networks during the lockdown
South Africa embarked on a 3-week lockdown last Thursday in an effort aimed at containing COVID-19 with 1,187 confirmed cases so far.
With the exception of ‘essential’ services, many people will have to work from home for the next few weeks. This might mean that many more people would be exposed to cyber threats.
Kaspersky recommends a variety of tips employees should follow when working remotely during the lockdown. And they are listed as follows;
- Make use of a VPN to connect securely to the corporate network.
- Use multi-factor authentication wherever possible.
- Ensure all corporate devices – including mobiles, laptops and tablets are protected with adequate security software.
- Segregate personal devices/life from corporate computers.
- Ensure the latest available updates are installed regularly.
- Only use corporate-approved teleconferencing software.
- Practice basic cybersecurity rules.