Cybersecurity: A full view of the risks ahead, and what we can do now
By Ryan Noik 1 December 2021 | Categories: Corporate Events
Maria Garnaeva, a senior security researcher at Kaspersky, explained that South Africa, along with Kenya and Nigeria, is facing a dramatic change in the threat landscape. In this, there is both good news and bad news. On the former, she noted that self-propagating malware is decreasing dramatically, as it is no longer effective and cannot fly under security radars. While these ordinary threats are declining, the bad news is that there is a significant rise in targeted malware, and all three countries will have to contend with the growth of new cybercrime models in 2022.
She elaborated that cybercrime tools are becoming more targeted, and this is exacerbated by a long-running trend where malware creators rely not on the technical advantage of their technologies over security protection, but on human vulnerability. This has stimulated the evolution of phishing schemes in 2021. In particular, the region saw a wave of ‘Anomalous’ spyware attacks.
Something familiar, and something new
The company explained that the usual phishing spyware attack begins when attackers infect a victim by sending them an e-mail with a malicious attachment or a link to a compromised website and ends when the spyware is downloaded and activated on the victim’s device. Having gathered all necessary data, the operator usually ends the operation by attempting to leave the infected system unnoticed.
Anomalous attacks are different, more insidious, and longer lasting. In anomalous attacks, a victim’s device becomes not only a source of data but also a tool for spyware distribution. Having access to the victim’s email server, the malware operators use it to send phishing emails from a legitimate company’s email address. In this case, anomalous spyware attacks an organisation’s server in order to use it to collect stolen data from another organisation and send further phishing emails.
Steel yourself for the stealers
Beyond that, there are some well-defined goals for the use of anomalous spyware. These include compromising business email accounts; stealing credentials for financial services such as online banking accounts, wallets, and crypto exchanges; stealing credentials for social networks and other public internet services; and stealing credentials for corporate network access services (SMTP, SSH, RDP, VPN).
“The Anomalous spyware attacks have a huge potential for growth in South Africa, Kenya and Nigeria in 2022, because unlike regular spyware the entry level for attackers who wish to employ this tactic is significantly lower - since instead of paying for their own infrastructure, they abuse and employ the victims’ resources. We see that cheaper attack methods have always been on the rise in the region and cybercriminals quickly pick up on new tactics. Kaspersky therefore suggests that in the nearest future, these countries should be prepared for such attacks,” she urged.
Mass scale attacks here to stay
That is not all. Mass scale attacks are not disappearing, but rather transforming. Garnaeva unpacked mass-scale and pervasive fake installers campaigns, where fake pirated software sites serve up malware as a service. The scheme usually begins when a user searches for a free version of an extremely popular legitimate software.
Cybercriminals offer them a fake installer using ‘black SEO’ techniques, which abuse legitimate search engines so that the fraudulent websites are offered first. When the installer is executed, a few dozen malware samples are downloaded and installed with the goal of turning the infected device into part of the Glupteba botnet. The whole fake installers campaign and botnet has been extremely active in South Africa in 2021 and continues to evolve, yet it is scarcely researched.
Pervasive fake installers campaigns use the lure of some familiar, and highly desirable software, to catch their prey. Top of the list is Microsoft Office 365, Windows 10 Pro and Adobe software. Call of Duty is also a favourite amongst cybercriminals.
“While the Glupteba botnet seems to be a threat for consumers, we are still researching it and keeping an eye on its behaviour, since some distributed malware resembles APT-related samples like Lazarus APT groups and were recently used in the largest DDoS attack in Russia,” noted Garnaeva.
“It is too early to say it with a high level of confidence, but these factors may suggest that we are now entering the era where APT actors start to use existing malware distribution platforms which makes an attribution of such attacks harder and opens a new vector similar to supply chain attacks,” she continued.
Who’s at risk?
Garnaeva then pinpointed the industries in South Africa that are more under threat from cyberattacks. These include government, fintech, manufacturing, IT, mining, telecoms, defense, energy and pharmaceutical industries. Both Kenya and Nigeria, interestingly, have a narrower spread of industries that attackers find attractive, and they differ slightly. In Kenya, for example, the educational sector is a target, while in Nigeria, law firms and media companies are in the crosshairs. Alas, she noted that attackers will likely continue to exploit the pandemic even as the world tries to distance itself from the global health crisis of the past 20 months.
Furthermore, a familiar, but still disturbing threat, ransomware, hasn’t gone away. Garnaeva revealed that it is now being used to effect double extortion, first by locking organisations out of their data, and then by threatening to use their data against them, by releasing confidential information.
Also revealed was that ransomware does not only enter an organization through the likes of phishing emails or malware. Increasingly, it is coming in through infected SSL-VPN devices, that is, through hardware on a network. In addition, more attacks using network-attached devices are expected in the year ahead.
Enterprises, take note
Murno Fourie, the enterprise customer lead at Kaspersky, added three more trends to be alert to, the first being the growth of cryptocurrency in Africa. This, he explained, is attractive to cybercriminals for a variety of reasons. Along with being popular, crypto can be entered into easily by anyone, as it has a low barrier to entry, which brings with it the risk that people entering the space may well have poor cybersecurity hygiene.
Secondly, Fourie echoed Maria’s opinion that there will be more vaccine-related phishing campaigns targeting employees and workers. Indeed, as the past week has shown with the discovery of the Omicron variant, the pandemic is still top of people’s minds and causing a good amount of concern.
The third trend Fourie highlighted was the continued skills shortage in the enterprise space. Enterprises will need to grapple with whether they keep in-house cyber-savvy personnel, outsource according to their requirements, or do some combination of each. Small and medium businesses will likely need to respond to this trend by leveraging automation and outsourcing the skills they need to stay on top of the cyber dangers that they are facing.
Fourie closed by encouraging businesses to flip the script. “Rather than only looking at our employees as the weakest link to cybersecurity efforts, how about if businesses instead saw them as their first line of defence? And rather than creating fear in their minds about making a mistake with regards to cybersecurity, how about if organisations instead rewarded their employees for good cyber hygiene and reporting security incidents?” he encouraged.
Staying cybersecure in a nutshell:
In order to stay protected from such new cybercrime models and threats, Kaspersky offered us some bullet points of what organisations and individuals can do.
• Pay close attention to and don’t open any suspicious files or attachments received from unknown sources.
• Do not download and install applications from untrusted sources.
• Do not click on any links received from unknown sources and suspicious online advertisements.
• Create strong passwords and don’t forget to change them regularly.
• Always install updates. Some of them may contain fixes for critical security issues.
• Ignore messages asking to disable security systems for office software or antivirus software.
• Use a robust security solution appropriate to your system type and devices, such as Kaspersky Internet Security or Kaspersky Security Cloud.