International espionage incident should ring Africa's alarm bells
International espionage incident should ring Africa's alarm bells
Much like the situation globally, Africa's cyber security threat landscape is significantly broader than people realise – and the reality of 5th generation cyber attacks is reflected in an investigative article posted by Bloomberg titled The Big Hack: How China Used a Tiny Chip to Infiltrate US Companies, according to cyber security firm Check Point.
The in-depth piece details an attack in 2015 by Chinese spies which the authors say reached almost 30 US companies, including Amazon and Apple, "by compromising America's technology supply chain".
In a brief synopsis of the article, Check Point highlighted several points including that during the top-secret probe (which remains open more than three years later) investigators found a tiny microchip nested on the servers' motherboards that wasn't part of the boards' original design, moreover investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines.
It also added that investigators found that this attack eventually affected almost 30 companies, including a major bank, government contractors, and Apple Inc.
According to Check Point the article focuses on what is seemingly a highly sophisticated 5th generation cyber attack (large scale, sophisticated technology that attacks the target from multiple vectors) "that enables attackers to download malicious code and infect the server operating system on potentially tens of thousands of agencies and businesses."
Rick Rogers, Regional Director - Africa at CheckPoint said, "This story proves, once again, the dreadful security risks which inevitably result in the growing use of digital platforms, specifically in cloud services. Through this attack it is clear that the security of the global technology supply chain had been compromised. With international technology brands expanding into territories like Africa, offering services like cloud computing to local companies, it is not impossible for cyber-criminals to deploy the same tactics to target local companies and their critical data, "
"However, it is possible to prevent these kinds of attacks using a comprehensive real-time perimeter security solution that can reduce the time it takes to respond to such attacks from years to hours and can provide true and effective prevention."
In May 2018 Rogers said the mindset that 'it won't affect us' or 'we're not significant enough to be a target' exists in Africa and is playing into the hands of cyber criminals.
"Often businesses have the incorrect notion that if they have the correct technology in place, they'll be ok. Although technology is a vital component – user education around vigilant behaviour is equally important. Sometimes it's the C-level executives themselves that think they don't need to follow policy because they have the right solutions in place – and this sets the completely wrong tone throughout the organisation."
The weak point according to Check Point is that instead of deploying end-to-end solutions, businesses are still implementing solutions to protect isolated areas of the business.
The company said enterprise cloud adoption is accelerating, enabling greater business agility and efficiencies through both deployment of hybrid cloud infrastructures like Amazon Web Services, Microsoft Azure and VMWare NSX; and migration to cloud-based applications such as Microsoft Office365, Google G-Suite, Salesforce, ServiceNow, Slack, Box, Dropbox, Egnyte and more.
"There is also an increase in multi-vector attacks on cloud workloads and cloud applications including malware, as well as increasing incidences of account hijacking," it added.