South Africa has more cybercrime than you realise

Ransomware is everywhere and if you don’t think that you could fall victim to such an attack, well let’s put things into perspective.

During the first half of 2021, Africa accounted for 1.7 percent of ransomware attacks worldwide, South Africa alone made up 1.05 percent of these attacks meaning as little as 0.65 percent of attacks were against users in other nations.

This is according to Trend Micro’s mid-year cybersecurity report, Attacks from All Angles 2021.

The report highlights a 47 percent year-on-year increase in email threats as well as malicious files and URLs in the first quarter of 2021 globally.

The research identified vulnerabilities across various device types and operating systems, illustrating an increasing need for a holistic and scalable cybersecurity solution at government, organisational and individual level that covers all angles of their security needs.

Cybercrime is here and ignoring the dangers it poses to your business could prove detrimental.

While ransomware has proved a popular attack vector during the first half of 2021, it’s not the only sort of attack used by cybercriminals.

Malware, COVID-19 related email threats and cloud based attacks are all tools being leveraged by attackers for all manner of attacks.

Ransomware has evolved

In the past, ransomware was very much targeted in that attackers would try to find a user that they could easily compromise and as such, spread an attack throughout an organisation.

In 2021, Trend Micro has seen a spike in what it calls modernised ransomware. This is ransomware that makes use of zero-day exploits to move through an organisation rather than targeting a specific user.

While Trend Micro’s report shows ransomware attacks trending downward – 50 percent decrease from the first half in 2020 – the severity of attacks is cause for concern.

We should also mention that encrypting data is only part of the play in a ransomware attack as many attacks also try to exfiltrate data as well. We saw this with the recent attack on the Department of Justice and Constitutional Development.

COVID-19 related attacks

Throughout the pandemic, cybercriminals have used COVID-19 in a bid to compromise businesses, either directly or by exploiting the way the workforce had to adapt.

Regarding direct exploits of COVID-19, at the top of the pandemic criminals used fake applications to gather personal information but now the vaccine is the carrot being used to lure victims.

“Pre-pandemic, when most of the workforce was office-based, it was easier to secure endpoints and a company’s data centre. Traditional perimeter security has disappeared. It is now found wherever your workforce is located – at their homes, in hotel rooms, coffee shops or coworking spaces. Now, the task requires moving workloads to the cloud and securing every employee, their homes and personal mobile devices, all of which have become companies’ new data centres,” explains cybersecurity consultant at Trend Micro, Zaheer Ebrahim.

Unfortunately, cybercriminals are aware of this shift and Ebrahim has seen an increase in the use of exploits in VPNs as well as cloud images and templates.

“Data gathered from our container honeypot in the first half of 2021 shows that the tools and techniques used to target the cloud have fluctuated back to what we saw in 2019,” Trend Micro explains.

By using exploits and vulnerabilities in cloud templates and images cybercriminals can more easily spread their malware and compromise a business.

Businesses should be adopting a zero-trust approach to cybersecurity. Yes, this creates friction for users and makes things like remote work more complex but protection is more important than convenience.

“As cybersecurity threats continue to increase in frequency and sophistication, Security Operations Center (SOC) teams must streamline their security processes without sacrificing reliability. One way to do that is through Endpoint Detection and Response (EDR), which continually monitors and responds to mitigate cyber threats. EDR acts like a CCTV camera that records all the activities that occur at an endpoint. While it might not be able to prevent a cybersecurity threat, it can playback the breach to strengthen cybersecurity retrospectively and secure any vulnerabilities from future attacks,” says Ebrahim.

You can find the full Attacks from all Angles report for the first half of 2021 here.

[Image – CC 0 Pixabay]


About Author


Related News