Phishing emails and driveby downloading may be at root of cyberattacks on justice department and space agency
Two more South African government agencies, the Department of Justice and Constitutional Development and the South African National Space Agency (Sansa), have been hit by ransomware attacks.
The attacks come just months after state port operator Transnet’s operations were crippled by a cyberattack that tore through its IT system.
With more people working from home and relying on often insecure internet connections, cyber-incursions have become more frequent in SA and around the world.
In a statement on 9 September, the justice department said its systems had been breached on the evening of 6 September. This led to “all information systems being encrypted and unavailable to both internal employees as well as members of the public”.
“All electronic services provided by the [department] are affected, including issuing of letters of authority, bail services, email and the departmental website,” the department said.
The department said its various units had resorted to manual systems, and that court hearings would continue around the country. In the statement, the justice department refers to phishing emails and “drive-by downloading” (the unintentional download of malicious code to a computer or mobile device) as possible origins of the cyberattack.
The hit on the justice department follows a cyberattack on Sansa, which saw more than 14Gb of data stolen by a group called CoomingProject, which has posted some of the filched data online.
A cybersecurity expert told DM168 that the files taken by the group from Sansa’s server did not seem to contain sensitive information.
Brett Callow, a threat analyst at antivirus software company Emsisoft, said CoomingProject seems to be a new player in the ransomware arena, but had already claimed some big scalps.
“The website appeared about a week ago and we know nothing at all about its operators. To date, they’ve released data which was allegedly hacked from 14 companies in countries including France, Canada, the US and, of course, SA,” Callow told DM168.
Sansa performs space research and assists in the building of spacecraft. It also operates the only regional weather warning facility in Africa and a “magnetically clean facility” in Hermanus. The agency did not respond to a request for comment.