Traditional cyber-attack platforms still a concern in SA
Web attacks, phishing, and spam remain some of the favourite tactics used by cybercriminals in the local market to compromise individuals and organisational networks and Kaspersky statistics suggest this will not change any time soon.
Maher Yamout, senior security researcher for the global research and analysis team at Kaspersky says; “Although our research shows that only 4% of users were targeted with web attacks in South Africa in January and February 2020, we are seeing more sophisticated samples of web attacks appearing, which is a worry. Furthermore, for the local region, phishing and spam remain a constant concern – and individuals and businesses must practice caution against these threats.”
Avoiding suspicion
Phishing attacks, that lure people into giving away personal information such as passwords and credit card numbers, grew by 23% in 2019 (total of 2,069,552 phishing attacks recorded) when compared to 2018 figures. For the first two months of 2020, Kaspersky research shows that 420,552 users in South Africa have been targeted by phishing attacks.
“Phishing, like social engineering, is a continually evolving threat for the local region. We see a clear trend with stable increase of phishing attacks year-on-year. Hackers link increasingly sophisticated technology with world events to compromise systems and the local market is not immune to this. For example, the current Covid-19 pandemic presents significant opportunities for cybercriminals to try and get people to click on suspicious links and open infected attachments,” continues Yamout.
More of the same
Spam emails, a perennial favourite in the hacking community, are also still a problem. This is especially the case in Africa with many people unfamiliar with some of the sophisticated tactics employed by malicious users.
Yamout adds, “The share of spam has not changed much in the South African region. Our figures for January and February 2020 alone show that 36% of users have been targeted through spam. While we do see that spam emails are caught using primitive security solutions, this does not mean the threat has been addressed. One should not underestimate spam as it remains an important vector for malware distribution.”
Spam is the digital equivalent of junk mail. The sheer quantity of it ensures that inevitably someone will click on something they should not. Often, spam is linked to phishing attacks and can be used to install malicious code onto a recipient’s computer, smartphone, or tablet.
“Cybersecurity awareness must go together with effective defensive measures on all personal and endpoint devices. These attacks are very real, and individuals need to ensure they take these threats seriously and understand what they could mean if successful – not only to protect their own data, but that of the company they work for. And companies must ensure that every employee device is protected with security software and kept updated when it comes to patches and that staff and users are educated around what to watch out for when it comes to web, phishing and spam attacks, to ensure the protection of their sensitive corporate data,” concludes Yamout.