Cybersecurity multinational Kaspersky says that from January to April, ransomware attacks in South Africa doubled compared to the same period in 2021, and advanced persistent threats (APTs) are a growing concern in the region.
Ransomware has become the most significant cyber threat of our time, with government departments, organizations across all industry sectors and individuals all being targeted.
The growing threat requires a reprioritization of cybersecurity countermeasures, says Kaspersky Southern African Development Community territory account manager James Gumede.
“The types of cyberattacks we are seeing in the local market impacting businesses and across different industries reinforce the need to be vigilant and educate employees on what constitutes cybersecurity best practices, especially as the tactics and methods of cybercriminals evolve,” he says.
Kaspersky research also shows that governments, diplomatic entities and educational institutions are increasingly targeted by APT groups. APTs often go undetected for months and typically focus on high-value targets, such as well-known companies and government departments.
“The scale of this threat is such that South Africa has joined Nigeria and Egypt as the three most targeted countries on the continent. We have found that one of the most active threat actors in this regard is TransparentTribe.
“This group focuses on diplomatic entities, educational institutions, ministries and the military. It uses malicious macro-based documents to penetrate organizations and universal serial buses (USB) that can steal data from isolated networks,” Gumede points out.
Another very active group in South Africa is Lazarus. This threat actor is focused on stealing money and sensitive information, possibly for national security purposes. It targets everyone from the military and government to telecommunications and pharmaceutical companies.
“Lazarus has a long history of being behind some of the world’s most devastating attacks, including the 2016 Bangladesh heist. Having such an influential threat actor active in the country is cause for major concern,” he adds.
“The attack on [State-owned logistics agency] Transnet showed last year that a successful ransomware breach can stop any business in its tracks and lead to significant financial and reputational repercussions.
“However, for a hospital or other critical infrastructure, not being able to access data and systems can become a matter of life and death,” adds Gumede.
Tracking, analyzing, interpreting and mitigating these ever-evolving cybersecurity threats can take a toll on already stretched business resources, which is why using a portfolio of integrated threat intelligence solutions is so critical, he says.
“By integrating up-to-the-minute threat intelligence feeds containing information on suspicious and dangerous Internet protocols, uniform resource locators, and file hashes into existing security systems, security teams can inject a level of automation in the process which significantly frees up their time. This enables the organization to improve and accelerate its incident threat response and investigation capabilities,” he says.
Using a threat intelligence solution allows the company to prevent the exfiltration of sensitive assets and intellectual property from infected machines. The ability to quickly detect infected assets will help ensure the business can stay one step ahead of malicious actors, he adds.
“Threat Intelligence creates an environment where the business can detect and prevent attacks such as ransomware and APTs.
“Effective cybersecurity has evolved and now requires the integration of threat intelligence across an organization’s defensive footprint to protect against the most significant threats it faces today,” Gumede concludes.