South Africa: A place where, according to some foreigners, residents keep lions as pets, and the internet is only just a dream. For that reason, cybersecurity also just seems like a waste of time and money to most South Africans, because who would ever want to do anything bad to us?
Well, this week should’ve been an eye-opener to most South African companies and the government. We’re no longer in the dark (regardless of Eskom)! This was made very clear to us when we got hit with not one or two, but 3 major cybersecurity breaches in a period of just 4 days. These breaches came fast, unexpectedly and at great cost. It kind of made me question whether or not South Africa is even ready to be connected to the internet (or whether we should be watched closely, like a 16-year-old who just got their first phone).
The City of Johannesburg Ransomware Attack
The first major attack came on Thursday and I honestly must say that it didn’t shock me too much. Ransomware hitting machines at the City of Johannesburg municipality. To be honest, I feel like there is more money currently allocated to luxury homes for government officials than there is for any government or municipal cybersecurity department. Which is scary because that simply means that our president’s toilet paper is safer than our country’s IT resources.
In case you don’t know what ransomware is yet, here is a quick and simplified lesson:
Someone gains access to your PC and adds a password to all of your files and only offers to give you the password if you pay them a certain amount of money. The software that allows them to gain access to do this is called ransomware.
Basically, this means that if the City of Johannesburg doesn’t pay the hackers and they don’t have backups of these files, the files will be lost forever. The hackers were also unfriendly enough to hack them in the first place, so payment also doesn’t guarantee anything.
Ransomware attacks can be prevented, just like viruses. Most antivirus software has anti-ransomware functionality and the vulnerabilities that allow for ransomware to do its job are also often caught and patched very quickly by OS vendors like Microsoft. In fact, if you just made sure that you have a strong, up-to-date antivirus package and the latest version of your OS, you could probably avoid ransomware completely. But, as some of the screenshots of the ransomware message from these attacks showed, the municipality is still using Windows 7 (which means that they’re probably a bit behind on implementing these prevention systems).
South African Banks DDOS attacks
And then, just as we were getting over this major breach, some major South African banks got hit with a DDOS attack on Friday night. In case you also don’t know what a DDOS attack is, it can be easily explained by likening it to the behaviour of the EFF in parliament. Imagine you have a group of people who legitimately want to do something (like having discussions in parliament in order to run a country). Then you also have a group of people who want to prevent the first group from doing that task, by pretending that they want to do the same thing, but never actually getting to it.
This is exactly how a DDOS attack works. Attackers try repeatedly to access a service, without an intent to actually make use of it. As they do this, the service becomes congested and people who want to legitimately use it, cannot access it at all. It is important to note that this kind of attack usually doesn’t lead to data being maliciously obtained, but it does cause people to get irritated with a service, quite quickly.
Finally, ISPs Took The Fall
And just as everyone started to consider unplugging their routers and reverting to Windows 95 (with Workgroups, of course), a couple of Internet Service Providers also got hit with DDOS attacks on Sunday. I really didn’t see this one coming! The attacks mostly affected hosting clients, but I can imagine that the effect on the network may also have been felt by those using the companies for internet connectivity. It does, however, also seem like the ISPs were better equipped and prepared to deal with these attacks, as they lasted only a couple of hours. On the other hand, I think the City is still trying to get a Cybersec Specialist to just look at their issue!
Predicting the Future
One would think that this would be enough for South African companies to very quickly start allocating budgets to their IT security, but that’s not the case. Even though there was a huge spike in Google searches for keywords like “ransomware”, it didn’t really seem to up the searches on how to prevent these issues. In fact, I know of quite a handful of large corporations that still use outdated operating systems (like Windows 7 and even XP), with few or no protective systems in place.
This is mostly because it remains extremely expensive to implement these systems and have really strong IT security teams. Therefore, it does seem like we’ll see a lot of these attacks in the future. But, just in case you do need help making your IT world more secure, we’ve got Security+ Certified Engineers. Just give us a call!
Remember that one also has to consider risk versus cost now, especially if your company works with personal or sensitive data (which is something most companies do!)