SA now hostage to cyber ransom

The threat cyber attacks pose to the financial sector and government is now a stark reality in SA after the banking industry received “ra n s o m ”demandsfrom agroup callingitself Shadow Kill Hackers. The attack, which promptedthe City of Johannesburg to immediately shut down its billing systems, has shone a troubling light on the country’s strengths and weaknesses in terms of guarding against cyber crimes. Renowned SA information and communicationstechnology analystArthurGoldstuck has warned that the ransom attacks are a “re
al threat to the local government and busin e ss e s ”. On Friday, the SA Banking Risk Information Centre (Sabric) confirmed that the attack on the industry had happened on Wednesday, targeting various public-facing services across multiple banks. The cyber crimetook the form ofa wave of ransom-driven distributed denial-of-service (DDoS) attacks. A DDoSattack attempts todisrupt normal traffic ofa targetedserver, serviceor network by overwhelming the target or its surrounding infrastructure with internet traffic. The attacks started with a ransom note, whichwas deliveredviae-mailto bothunattended aswell asstaff e-mailaddresses, allof which were publicly available. Sabric said threat intelligence which had surfaced, showed that this was a multi-juris
dictional attack with entities from several countries being targeted and should not be viewed asa targeted attack onSA companies o n ly. Because the attacks did not involving hacking or a data breach, customer data was not at risk, Sabric said. Itdid,however, involveincreasedtrafficon networks necessary to access public-facing services which might cause minor disruptions. The City of Johannesburg shut down its website and billing systems after Shadow Kill Hackers found its way into the authority’s system and demanded a ransom of four bitcoins worth about $30,000 (R438,000). Several city employees received the ransom note,which reads: “Allyourservers anddata have been hacked. We have dozens of back doorsinsideyourcity. Wehavecontrolofev
erything in your city. We also compromised all passwords and sensitive data such as finance and personal population information.” Both Standard Bank and Absa informed customers onThursday ofthe internetproblem,but atleastfive banksarebelieved tobe affected. Sabric said defensive strategies had been invoked across the industry and it was confident that the effects on customers would be kept to a minimum. Looking ahead, Goldstuck said it was essential that software and security services were up to scratch. “Vulnerability exists in software that has not been updated. Hackers are always lookingfor publicsystems thathavenot beenupdated. You have to ensure that your personal user data isn’t accessible to the same system that is available to the public,”he told the D i s p atc h . He said user data should be separate from the network itself. Responding to the attacks, co-operative governance spokesperson Makhaya Komisa said: “We are of the view that such reports of a well-organised crime are suited for the intelligence services. “We really feelit is something thatmust be dealt with at national level.” In a statement to the Dispatch on Friday, security expert and J2 Software CEO John Mcloughlin said the demand for cyber security solutions was huge and security spend had already started outpacing IT spend. “Adoption in SA is not yet growing at the same rate,but there isa strong growthin interest and understanding the requirement to do more to protect themselves from cyber t h r e at s , ”said Mcloughlin. Annual globalcyber losses areexpected to hit $6-trillion (R87,74-trillion) by 2021, with cyber security spending projected to exceed a total of US$1-trillion (R14,62-trillion) for the five years leading up to 2021.