ATTACKS ON BANKS
Johannesburg forced to shut down systems after Shadow Kill Hackers cyber gang issues ransom demands
The threat cyber attacks pose to the financial sector and government is now a stark reality in SA after the banking industry received “ransom” demands from a group calling itself Shadow Kill Hackers.
The attack, which prompted the City of Johannesburg to immediately shut down its billing systems, has shone a troubling light on the country’s strengths and weaknesses in terms of guarding against cyber crimes.
Renowned SA information and communications technology analyst Arthur Goldstuck has warned that the ransom attacks are a “real threat to the local government and businesses”.
On Friday, the SA Banking Risk Information Centre (Sabric) confirmed that the attack on the industry had happened on Wednesday, targeting various public-facing services across multiple banks.
The cyber crime took the form of a wave of ransom-driven distributed denial-of-service (DDoS) attacks.
A DDoS attack attempts to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with internet traffic.
The attacks started with a ransom note, which was delivered via e-mail to both unattended as well as staff e-mail addresses, all of which were publicly available.
Sabric said threat intelligence which had surfaced, showed that this was a multi-jurisdictional attack with entities from several countries being targeted and should not be viewed as a targeted attack on SA companies only.
Because the attacks did not involving hacking or a data breach, customer data was not at risk, Sabric said.
It did, however, involve increased traffic on networks necessary to access public-facing services which might cause minor disruptions.
The City of Johannesburg shut down its website and billing systems after Shadow Kill Hackers found its way into the authority’s system and demanded a ransom of four bitcoins worth about $30,000 (R438,000).
Several city employees received the ransom note, which reads: “All your servers and data have been hacked. We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information.”
Both Standard Bank and Absa informed customers on Thursday of the internet problem, but at least five banks are believed to be affected.
Sabric said defensive strategies had been invoked across the industry and it was confident that the effects on customers would be kept to a minimum.
Looking ahead, Goldstuck said it was essential that software and security services were up to scratch.
“Vulnerability exists in software that has not been updated. Hackers are always looking for public systems that have not been updated. You have to ensure that your personal user data isn’t accessible to the same system that is available to the public,” he told the Dispatch.
He said user data should be separate from the network itself.
Responding to the attacks, co-operative governance spokesperson Makhaya Komisa said: “We are of the view that such reports of a well-organised crime are suited for the intelligence services.
“We really feel it is something that must be dealt with at national level.”
In a statement to the Dispatch on Friday, security expert and J2 Software CEO John Mcloughlin said the demand for cyber security solutions was huge and security spend had already started outpacing IT spend.
“Adoption in SA is not yet growing at the same rate, but there is a strong growth in interest and understanding the requirement to do more to protect themselves from cyber threats,” said Mcloughlin.
Annual global cyber losses are expected to hit $6-trillion (R87,74-trillion) by 2021, with cyber security spending projected to exceed a total of US$1-trillion (R14,62-trillion) for the five years leading up to 2021.