Sunday Times

Transnet cyber hack a warning of risk to SA

Country vulnerable as pandemic unleashes ransomware strikes

- By ARTHUR GOLDSTUCK

You could call it the global third wave of cybercrime: the hacking of the Transnet information technology system in SA comes as the world grapples with an unprecedented level of hacking and ransomware attacks.

Transnet joins tens of thousands of victims of ransomware, in which hackers break into computer systems and encrypt or steal files in order to demand a ransom payment.

The first ransomware attack goes back as far as 1989, when the health-care sector was targeted.

However, utilities have become a prime target in 2021, with many of the attacks originating in Russia.

Most early hacking attacks were focused on breaking into computer networks. During the second wave individuals were targeted in an increasingly connected world.

In the past decade, ransomware has become more widespread, and went global in 2017 with the WannaCry ransomware, affecting more than 200,000 computers in 150 countries. The number of attacks has continued to escalate since then, with costs running into tens of billions of dollars.

The most high-profile case so far this year was an attack on the Colonial Pipeline Company in the US, which disrupted fuel supply to the US East Coast for several days in May. A $4.3m (R63m) ransom was paid, about half of it later being recovered by the FBI.

In an attack on Miami software developer Kaseya early in July, 1,500 US companies were held to cyber ransom. This prompted US President Joe Biden to urge Russian President Vladimir Putin in a phone call to clamp down on cybercrime gangs in his country. Days later, various websites of the Russian-speaking ransomware gang behind the Kaseya attack, REvil, disappeared from the internet.

However, alleged government-sponsored ransomware attacks are only a small part of the overall “threat landscape”, with so-called bad actors ranging from corporation-style professional gangs with sophisticated business models to lone operators with a point to prove, and many small and large players in between.

The number of operators exploded during the first year of the pandemic, as remote workers who were no longer protected by the cyber defences of corporate networks became more vulnerable.

During the first global lockdown, Eugene Kaspersky, founder of global cybersecurity company Kaspersky, told Business Times: “The big enterprises have IT security teams that can provide the necessary level of security at home for every employee. But … not many businesses have this ability, they don’t have the resources, they don’t have people for that. And unfortunately, especially small and medium businesses, their employees at home in terms of security are almost naked.”

The result is that individuals are increasingly targeted in order to get access to their employers’ systems.

Though Transnet has not revealed the nature of the attack that brought its port operations to a standstill this week, ransomware has been widely blamed. Transnet appears to have had backups in place, allowing it to bring components of its system up progressively.

“I suspect this was a ransomware attack,” said Anna Collard, senior vice-president for content strategy at security awareness trainers KnowBe4.

“With the US declaring ransomware a national threat, more criminals will shift their attention towards the emerging economies, and SA is quite attractive.

“On the one hand, we have developed infrastructure, a high degree of digitalisation — but, at the same time, not enough government capacity to defend against this on a national level.”

Now, said leading South African cybercrime consultant Craig Rosewarne, founder of Wolfpack Information Risk, “the cybercrime market has gone quite crazy”, and many organisations are not prepared.

“From a leadership point of view, there is a disconnect between understanding the role of running the business and generating revenues and services on the one hand, and understanding the risks to the organisation on the other,” Rosewarne said.

“There is another disconnect at a more tactical level, and that’s the responsibility to manage all these risks. We’re seeing huge complexity in terms of companies having multiple channels, and some equipment or infrastructure being managed by an IT department, some outsourced, and some sitting in the cloud. And then you’ve got this explosion of bring-your-own-devices and the Internet of Things, creating a technological tsunami that increases the complexity even more.

“Executives don’t really have a handle on this risk. As a result, insufficient budgets and resources are allocated, and the teams that are trying to manage this thing don’t have enough people helping them — and skills are short in the marketplace as well. This results in fatigue and people taking chances and making mistakes.”

Harish Lala, CEO of Zensar SA, local subsidiary of an India-listed technology company that assists businesses in digital transformation, agreed that vulnerabilities have increased dramatically — and that a lack of skills and resources results in mistakes.

“These attacks are here to stay. As technology is evolving, so are the attacks evolving in maturity, but the skills we need to counter them are not evolving as fast, and that’s why we are seeing more and more successful examples of ransomware,” said Lala.

“A big mistake made by many organisations is that all the investment in upgrading IT goes into new systems, but none into constantly testing the systems.

“Before anybody with a malicious intent is testing you, you have to be investing and testing yourself in terms of overall vulnerabilities out there. It’s like insurance, which is treated as a big cost as long as attacks don’t happen, but, when the attack happens, it is very costly not to have it.”

“More criminals will shift their attention to the emerging economies, and SA is quite attractive” (Anna Collard, senior vice-president, content strategy, at KnowBe4)

Picture: Gallo Images/Die Burger/Jaco Marais. Transnet port operations were brought to a standstill this week by what is suspected to be a ransomware attack. Transnet appears to have had backups in place, allowing it to bring components of its system up progressively.
Craig Rosewarne, founder of Wolfpack Information Risk, says the cybercrime market has now ‘gone quite crazy’.
