CYBER BLITZ HITS SA
Government website shut down in strike
THE world is under a cyber attack and South African businesses and organisations have been hit. In some parts of the world, companies have been crippled in the latest attacks.
This week, hackers accessed the Department of Basic Education’s (DBE) website and posted messages and photographs.
Last night the DBE sent out a tweet in which it warned that hackers had accessed its site and posted gory pictures of decapitated corpses, some of whom were children.
The department distanced itself from the images, which it said could incite hatred and violence. The matter has since been handed to the State Information and Technology Agency for investigation.
Pieter Erasmus, an IT security strategist based in Johannesburg, said the threat was far bigger than most corporate executives realised.
Erasmus is responsible for maintaining IT security at a number of banks and some of the largest JSE-listed companies.
He said his company was having to defend against ever-increasing levels of sophisticated attacks.
“We are dealing with top-tier organised crime syndicates in countries like China, Russia and North Korea, who will go to any length to penetrate systems.
“The biggest threat is with disgruntled employees who either have an axe to grind or want to help themselves to company funds and the issue of ignorant employees who can be tricked into disclosing passwords and other valuable information without even realising that they have compromised the company’s integrity,” he said.
He said he often found with new clients that the most basic principles of IT were being ignored.
“This includes opening e-mails from unknown senders or clicking hot links on websites that install malware on computers that give hackers access to the entire network,” said Erasmus.
Alan Cooper, a Durban-based technology columnist, said cyber crime was a real and growing threat.
“Stealing money remotely and electronically is a lot easier and less dangerous than trying to do it with guns in the physical world.
“Ransomware like WannaCry, which caused havoc globally, is a prime example.
“All the data on computers infected with ransomware is encrypted, leaving the owners locked out until they pay the hackers a ransom. And that’s just one kind of cyber crime.
“Syndicates are also using a combination of phishing e-mails and collusion with crooked staff in cellular companies and banks to clean out people’s bank accounts,” said Cooper.
He said that while the police had a cyber crime unit, it was difficult to track down hackers.
“Any police unit tackling cyber crime is at a big disadvantage. The criminals are often on the other side of the world, hidden behind layers of anonymity. Perpetrators of ransomware attacks typically demand payment in Bitcoin, which is virtually impossible to trace,” he said.
He advised companies to ensure they had the most up-to-date operating systems, as well as security patches on their computers or smartphones.
Sources
“Don’t download apps and programs from unknown, untrusted sources. Never click on any link in an unsolicited e-mail. If you have any doubts, contact the person or organisation directly.
“Never log into your bank account via an e-mail link. Rather type its web address directly into your browser or use the app on your smartphone or tablet. And do not log into any password-protected site or one where you will give any personal information when connected to an unsecured Wi-Fi hotspot, such as the ones you find at coffee shops or airports.”
South Africa is trying to do its bit to curb cyber crime. John Jeffery, Deputy Minister of Justice and Constitutional Development, said with great technological advances came greater risks.
He was speaking recently at a media briefing on cyber crimes and the cyber security bill. “The new proposed Cybercrime and Cybersecurity Bill gives effect to the mandate of effectively dealing with cyber crimes,” he said.
“Deterring cyber crime is a vital component of a national cyber security and critical information infrastructure protection strategy.
“This includes the adoption of appropriate legislation against the misuse of information communication technologies for criminal purposes,” he said.