Tag Archive for: African

The Impact Of Ransomware On South African Businesses In 2023


On top of everything else South African businesses have to worry about, ransomware attacks are becoming more and more of a problem. And an expensive one.

An independent survey commissioned by Sophos reveals that a staggering 78% of South African organisations fell victim to ransomware attacks in the past year, marking a substantial increase from the 51% reported in the previous year’s survey.

This surge surpasses the global average of 66%, highlighting the pressing need for businesses in the region to address the ransomware threat effectively.

Ransomware root causes and attack vectors

Exploited vulnerabilities emerged as the predominant root cause of ransomware attacks in South African organisations, contributing to 49% of incidents. Compromised credentials followed closely, constituting the second most common attack vector, affecting 24% of organisations.

These findings underscore the critical importance of regularly patching vulnerabilities and implementing robust identity and access management practices to mitigate these threats effectively.

A concerning 89% of ransomware attacks in South Africa resulted in data encryption, surpassing the global average of 76%. Furthermore, data theft occurred in 35% of these cases, exceeding the global average of 30%.

However, there is a silver lining: 100% of South African organisations successfully retrieved their encrypted data, slightly outperforming the global average of 97%. This emphasises the importance of maintaining secure and accessible backups.

Ransom payments and recovery

While 45% of South African organisations opted to pay the ransom, this rate showed a slight decline from the previous year’s 49%. Globally, the average ransom payment rate in 2023 stood at 47%. Notably, 24% of South African organisations adopted multiple recovery methods simultaneously, demonstrating the importance of having diversified recovery strategies in place.

One revelation of particular note from the survey was the disclosure of a ransom exceeding $5 million (R97.3 million) paid by one organisation (although it wasn’t named). Excluding ransom payments, the average cost for South African organisations to recover from ransomware attacks…

Source…

Czech Republic courts young African leaders with maiden ‘Cool Czechia’ study trip


Between 1948 and 1989, Czechoslovakia – as it was then known – was under communist rule. For decades, there was an absence of opposition while restrictions were in place to prevent Czechs and Slovaks from travelling to non-communist countries.

But in November 1989, a hunger for change and an end to the status quo spread across the country like wildfire. Although sparked by peaceful demonstrations organised by students, renowned dissidents such as the iconic Vaclav Havel would eventually inspire the movement to grow into a clamour for political restructuring and an end to communist leadership.

By November 28 of that year, the agitation yielded fruit as the federal assembly removed the provision in the constitution which regarded the Communist Party as the controlling authority in the country. The movement would later be coined the Velvet Revolution, acclaimed as a remarkable non-violent transition of power.

Given its experience with oppression and subjugation, it is perhaps no surprise that Czechia opened its doors to Ukrainians following the Russian invasion of their country in February 2022. Since the outbreak of the war, the country has admitted more than half a million refugees from Ukraine, with over 100,000 fully employed across different parts of the country.

The 18-month-old war and its ripple effects have seen many Western nations realigning and restrategising their partnerships across the world.

The African allure

As Africa improves its economic and geopolitical outlook, many foreign nations are looking to boost their alliances and gain the continent’s support in multilateral fora. The Czech Republic is not left out.

Through a multi-faceted strategy, Czechia is looking to expand its partnership with Africa while creating a long-lasting positive impact on the continent.

And what better demographic to forge a relationship with than young Africans on track to become important voices in their respective countries?

Enter ‘Cool Czechia: Young African Leaders Study Trip’ – an initiative conceptualised by the ministry of foreign affairs of the Czech Republic.

From July 26 to August 3, several young African leaders were invited to history-rich Prague –…

Source…

Cybercrime group targeting banks in African Francophone countries


A cybercriminal group continues to target banks and financial institutions in Francophone countries across Africa, with attacks spreading since the outfit was first observed in 2018. 

In a report published Thursday by Symantec, the researchers examined a recent campaign by a group they’ve named Bluebottle, which several other cybersecurity firms have investigated in recent years. 

“Three different financial institutions in three African nations were compromised in the activity seen by Symantec, with multiple machines infected in all three organizations,” the researchers said. “The effectiveness of its campaigns means that Bluebottle is unlikely to stop this activity. The attackers appear to be French speaking, so the possibility of them expanding this activity to French-speaking nations in other regions also cannot be ruled out.”

Symantec found that the group does not use custom malware in its attacks and demonstrates several similarities to the campaign uncovered by the cybersecurity company Group-IB, which tracked attacks on financial institutions in Ivory Coast, Mali, Burkina Faso, Benin, Cameroon, Gabon, Niger, Nigeria, Paraguay, Senegal, Sierra Leone, Uganda, Togo and others.

Group-IB documented a campaign by the same group – tracked by the company as OPERA1ER – that lasted three years, in which the group stole at least $11 million and potentially as much as $30 million in 30 different attacks on banks, financial services, and telecommunication companies mainly located in Africa between 2018 and 2022. 

Image: Group-IB

Both campaigns also had tools with industry-specific, and region-specific, domain names. The campaign tracked by Symantec lasted from about May 2022 to September 2022 and involved the use of GuLoader, a remote access trojan used frequently over the last two years. 

Symantec was unable to identify the initial infection vector but said the earliest malicious files they found on victim networks had French-language, job-themed file names. 

These files were likely used as lures to begin the attack, the researchers explained, noting that in some cases, the malware was named to trick the user into thinking it was a PDF file. 

Examples of file…

Source…

This new hacking group has a nasty surprise for African, Middle East diplomats


A recently-discovered advanced persistent threat (APT) group is targeting diplomats across Africa and the Middle East. 

Image: map (© ZDNet)


Revealed on Thursday by ESET researchers, the state-sponsored group, dubbed BackdoorDiplomacy, has been linked to successful attacks against Ministries of Foreign Affairs in numerous African countries, the Middle East, Europe, and Asia — alongside a smaller subset of telecommunications firms in Africa and at least one charity outfit in the Middle East.


BackdoorDiplomacy is thought to have been in operation since at least 2017. The cross-platform group targets both Linux and Windows systems and seems to prefer to exploit internet-facing, vulnerable devices as an initial attack vector. 

If web servers or network management interfaces are found which have weak points, such as software vulnerabilities or poor file-upload security, the APT will strike. In one case observed by ESET, an F5 bug — CVE-2020-5902 — was used to deploy a Linux backdoor, whereas, in another, BackdoorDiplomacy adopted Microsoft Exchange server bugs to deploy China Chopper, a webshell. 

Once they have obtained entry, the threat actors scan the device in preparation for lateral movement, install a custom backdoor, and deploy a range of tools to conduct surveillance and data theft.

The backdoor, dubbed Turian, is thought to be based on the Quarian backdoor — malware linked to attacks used against diplomatic targets in Syria and the US back in 2013.

The main implant is capable of harvesting and exfiltrating system data, taking screenshots, and also overwriting, moving/deleting, or stealing files. 

Among the tools used are the network tunnelling software EarthWorm, Mimikatz, NetCat, and software developed by the US National Security Agency (NSA) and dumped by ShadowBrokers, such as EternalBlue, DoublePulsar, and EternalRocks.

VMProtect was used in most cases in an attempt to obfuscate the group’s tooling.

Diplomats may have to deal with sensitive information handed over through removable drives and storage. To widen the scope of its cyberespionage activities, BackdoorDiplomacy will scan for flash drives and will attempt to copy all files…

Source…