Read time: 3 minutes

South Africa ‘ill-prepared’ for cyber attacks

By , Editor, ITWeb Africa
South Africa , 31 Jan 2013

South Africa ‘ill-prepared’ for cyber attacks

Security breaches of South African company websites by a hacktivist group have highlighted how unprepared the country is when dealing with cyber attacks, says a top expert.

Team Ghost Shell, a hacker group claiming links to hacktivists Anonymous, tweeted this week that it had leaked 700,000 account details stored in African website databases.

Details such as individuals’ names, account passwords, identification numbers and even high school pass marks have been exposed.

And websites of South African companies, such as Johannesburg Stock Exchange (JSE) listed Woolworths Holdings, dominate the list of Ghost Shell’s African targets.

Woolworths has said that it is aware of the attacks on its website and has even closed down its investor relations website that was compromised.

Meanwhile, Ghost Shell says it plans to break into South Africa’s government information databases and expose evidence of corruption, as part of its "#ProjectSunRise – Africa's heart" operation. But the group has thus far largely targeted private and public companies and exposed citizens’ personal details.

The South African arm of hacktivist group Anonymous has also publicly distanced itself from Ghost Shell.

Nevertheless, an expert has expressed concern over the apparent large scale website security breaches in South Africa.

“I am concerned that we are not prepared as a country to deal strategically with cyber attacks,” says Craig Rosewarne, the former founder and chairman of the Information Security Group of Africa and current managing director of Wolfpack Information Risk.

“Most companies and even agencies are not co-operating effectively to share intelligence,” Rosewarne adds.

Rosewarne says that Wolfpack Information Risk, in its 2012/13 ‘South African Cyber Threat Barometer’ report, identified internet banking, e-commerce and social media websites as being the top targets for criminals.

The report goes on to say that criminals are after logon credentials, bank or credit card information and personally identifiable information of South Africans, with the most common attack methods being phishing, the abuse of system privileges and malicious code infections.

However, despite the risks South Africans face online, Rosewarne acknowledges that the country’s government is attempting to curb the problem.

In March last year, South Africa’s government adopted a ‘National Cybersecurity Policy Framework’, which seeks to combat cyber warfare and cyber crime; develop, review and update existing substantive and procedural laws; and build confidence and trust in the secure use of Information and Communication Technologies (ICT).

The South African government is also finalising plans for a national cyber security hub and ‘cyber inspectors’. The hub is planned to form as a central contact point for online security initiatives across the country, while government is looking to establish a National Cyber security Advisory Council (NCAC) in collaboration with the private sector. Government has said these initiatives could be launched in 2014.

But while these government measures are slowly being introduced, David Emm, a malware expert for the European Research Centre at antivirus and security software firm Kaspersky Lab, says that South Africa is not unique in being targeted by the likes of Ghost Shell.

Just last month, login details from 1.6 million accounts were posted online by hacktivist group Ghost Shell after it carried a series of attacks on the United States’ National Aeronautics and Space Administration (Nasa) and the Federal Bureau of Investigation (FBI). The European Space Agency was also hit.

In a statement posted online, Ghost Shell said the attacks were part of its ‘#ProjectWhiteFox’ campaign to promote freedom of information online.

Ghost Shell’s attacks, particularly on South African websites, has come at a time when the country has experienced upheaval in its mining sector with crippling violent strikes.

“The motivation of such groups is often socio-political, in the widest sense,” Emm says.

“So activities of governments, commercial and non-commercial bodies alike around the world can provide a trigger for them.

“That such actions should occur in South Africa is a measure of how important the internet has become there, as much as political events. Political events may provide the motives, but ‘hacktivism’ could not be successful without an economic infrastructure that’s dependent on the internet,” says Emm.

Emm adds that owing to Anonymous distancing itself from Ghost Shell, this could be an indication that the latter group is loosely organised.

All South African businesses need to safeguard themselves

Organisations big and small in South Africa then need to protect themselves to try to prevent being hit, says Emm.

Emm says all organisations hold data that could be of value to cybercriminals; and they can also be used as ‘stepping-stones’ to reach other companies.

He adds that while cyber attacks could be highly-sophisticated, the starting point for a hacker attack is to attempt to trick individuals in the company into doing something that puts the organisation’s security at risk.

Cybercriminals also gather information from social networks and other public resources that allow them to tailor their attack to bypass the company’s security, says Emm.

Eight tips to safeguard your business

Security solutions firm Symantec further offers eight tips to tightening up an organisation’s online protections:

  • Know what you need to protect: One data breach could mean financial ruin. Look at where your information is being stored and used, and protect those areas accordingly.
  • Enforce strong password policies: Passwords with eight characters or more and use a combination of letters, numbers and symbols (e.g., # $ % ! ?) will help protect your data.
  • Map out a disaster preparedness plan today: Don't wait until it's too late. Identify your critical resources, use appropriate security and backup solutions to archive important files, and test frequently.
  • Encrypt confidential information: Implement encryption technologies on desktops, laptops and removable media to protect your confidential information from unauthorized access, providing strong security for intellectual property, customer and partner data.
  • Use a reliable security solution: Today's solutions do more than just prevent viruses and spam; they scan files regularly for unusual changes in file size, programs that match known malware, suspicious e-mail attachments and other warning signs. It's the most important step to protect your information.
  • Protect Information Completely: It's more important than ever to back up your business information. Combine backup solutions with a robust security offering to protect your business from all forms of data loss.
  • Stay up to date: A security solution is only as good as the frequency with which it is updated. New viruses, worms, Trojan horses and other malware are born daily, and variations of them can slip by software that is not current.
  • Educate employees: Develop Internet security guidelines and educate employees about Internet safety, security and the latest threats, as well as what to do if they misplace information or suspect malware on their machine.
Daily newsletter