Cyberattacks have emerged as a severe threat to businesses, yet many continue to underestimate their…
As an insurance broker or business owner in South Africa, you’re probably well aware of the dangers of cybercrime and the importance of strong cybersecurity measures.
However, you may not be fully aware of what specific threats you face or how attackers are targeting businesses. In this blog post, we’ll take a closer look at the state of cybercrime in South Africa and shed some light on what to watch out for. We’ll also provide some tips on how to improve your cybersecurity posture and protect your business or clients from attacks.
The State of Cybercrime
Cybercrime is escalating, and the inadequate recognition of the need for tighter security controls is made worse because many businesses fail to report attacks. Victims of cybercrime often opt to stay under the radar in order to protect their brand and reputation. The COVID-19 pandemic highlighted a lack of basic cybersecurity controls and caused massive growth in malicious activity.
Here are some key findings from Interpol’s African Cyberthreat Assessment Report October 2021 that illustrate this:
- Over 679 million cybercrime-related emails were detected last year alone—with 219 million of these emanating from South Africa.
- South Africa has the third highest number of cybercrime victims worldwide, at a cost of R2.2 billion a year.
- South Africa is estimated to suffer 577 malware attacks an hour.
Understanding the ecosystem
The issue is not simply the frequency of these attacks. We must also look at the increased severity and sophistication of the methods used by threat actors, and their continuously growing skills and dedication to profiling victims. Gone are the days when hackers acted alone or in small groups.
Cybercrime is now an industry – seeing the potential for big business, criminal gangs and mafia organisations have moved on from drugs and arms and are now working in dedicated offices and call centres. Slick business models such as Ransomware-as-a-Service (RaaS) are made up of executive-style assigned roles one would normally associate with blue-chip companies.
Whether in-house or outsourced, access brokers, partner networks, resellers, and vendors work together to extort (and double extort) their victims. This enables the targeting of multiple victims simultaneously, handing over to other departments as the negotiation progresses. This is a far cry from the imagined lone attacker sitting in his basement only focused on you.
Operating out of countries all over the world, there are few barriers to entry for ransomware players and they conduct their business with near impunity, as authorities lack the jurisdiction to bring them to justice. Cybercrime is now an attractive ecosystem, with little risk of extradition, prosecution, or sanction and only a faint chance of being traced.
Services in the criminal ecosystem
The cybercrime ecosystem is a surprisingly structured entity, where threat actors collaborate and use black markets to share attack tools and services. Here are some of the models being used:
Access Brokers are a key part of the vibrant criminal ecosystem, providing a crucial service for attackers looking for direct access to systems. After using brute force techniques and credential-stealing malware to obtain initial entry to organisations, they then sell this access to threat actors in underground black markets, often occupied by Ransomware-as-a-Service players.
Ransomware-as-a-Service (RaaS) is a model that illustrates the development of this ecosystem; a pre-packaged and easy-to-deploy means of encrypting data networks and extorting victims for payment. Ransomware attacks are generally delivered through email phishing, a crucial element of the RaaS model. Criminal groups work together to gain access to victims’ networks, deploying their malware and exfiltrating as well as encrypting sensitive data. In cases of Double Extortion Ransomware, criminals threaten to leak data if the ransom isn’t paid. With victims fearing regulatory fines (if the business failed to properly safeguard customer data) as well as reputational ruin, many organisations are coerced into paying.
Malware-as-a-service (MaaS) provides cybercriminals with an abundance of resources to develop, host, and use malware.
Common cyber incidents
Below are some of the most widespread ways attackers gain access:
In each of the following attack types, criminals often use Spoofing to enhance their success rates. They’re able to insert any sender’s actual email address into a forged email, thus impersonating the sender. They use the spoofed email address to appear legitimate and trustworthy, increasing the probability of a recipient falling for their scam.
Business Email Compromise (BEC) Fraud is one of the most prevalent forms of cybercrime today, costing companies millions in fines, lost revenues, fraud losses, and reputational damage. Designed to infiltrate an organisation’s email systems, hackers seek to gain access to critical business information and data to ultimately extract money from the business through email-based fraud. Criminals use a variety of social engineering and phishing techniques to gain entry into mailboxes, deceiving companies into transferring funds into fraudsters’ accounts.
Phishing is an attack where criminals gain access to someone’s mailbox in order to harvest information. Often, a mailbox is hijacked several weeks before the actual attack. Criminals then watch its activity, looking for transactions in progress and carefully planning the fraud.
Spear-phishing attacks are more targeted in their impersonation attempts, with attackers using social engineering techniques to mislead their victims. They often aim to steal the credentials of top executives.
Ransomware can have huge consequences for businesses, including loss of revenue, trauma, and closure. Hackers are increasingly researching their targets and setting ransom demands in accordance with the victim’s revenue. If you become the target of one of these attacks, communicating with ransomware attackers can be a good way to stall them, buying time for digital investigations and negotiation.
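The spoofing described above leaves traces in a message's headers that a mail administrator can check. The following Python sketch is an added example, not part of the original post: it flags a forged sender by comparing the visible From domain with the Return-Path and Reply-To domains and by reading the DMARC verdict. The function names and all domains are hypothetical, and it assumes the Authentication-Results header was stamped by your own receiving mail server.

```python
import email
from email.utils import parseaddr

# Constructed sample messages (not real traffic); all domains are placeholders.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.broker.example; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=client-firm.example
From: "Finance Director" <cfo@client-firm.example>
Reply-To: cfo@client-firm-payments.example
Subject: Updated banking details

Please use the new account for today's payment.
"""
LEGIT = """\
Return-Path: <accounts@client-firm.example>
Authentication-Results: mx.broker.example; spf=pass smtp.mailfrom=client-firm.example; dkim=pass header.d=client-firm.example; dmarc=pass header.from=client-firm.example
From: accounts@client-firm.example

Statement attached.
"""

def domain_of(header_value):
    """Lowercased domain of the address in a header, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def auth_verdicts(msg):
    """spf/dkim/dmarc results recorded by the receiving mail server."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for clause in header.split(";")[1:]:
            method, _, rest = clause.strip().partition("=")
            if method in ("spf", "dkim", "dmarc") and rest:
                verdicts.setdefault(method, rest.split()[0].lower())
    return verdicts

def spoofing_indicators(raw):
    """List the header inconsistencies that suggest a forged sender."""
    msg = email.message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    if domain_of(msg["Return-Path"]) not in ("", from_dom):
        findings.append("return-path-mismatch")
    if domain_of(msg["Reply-To"]) not in ("", from_dom):
        findings.append("reply-to-mismatch")
    dmarc = auth_verdicts(msg).get("dmarc", "missing")
    if dmarc != "pass":
        findings.append("dmarc-" + dmarc)
    return findings
```

A Return-Path mismatch on its own is common with legitimate bulk-mail providers, so treat it as a signal to weigh alongside the DMARC result rather than as proof of forgery.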
How brokers can help
As the threat landscape continues to change, insurance brokers will play an essential role in helping their clients protect themselves from the ever-growing risk of cyberattacks. In other words, brokers need to be prepared to evolve.
By familiarising themselves with the methods cybercriminals use, brokers can help their clients become difficult to surveil and reduce the risk of fraud. Digital risk management is the process of identifying, assessing, and mitigating risks to a business’s digital assets and reputation.
Taking proactive steps to address digital risks can reduce the likelihood of negative consequences if an incident does occur. Vulnerability scans, penetration tests, and strong password policies or multi-factor authentication (MFA) can all form part of a digital risk mitigation strategy.
Cyber risk insurance is an obvious place to start, coupled with the use of a vulnerability scanning tool to detect potential weaknesses. By remedying these vulnerabilities, a business becomes a much more difficult target, and criminals are likely to move on to softer targets.
Insurance is primarily about transferring risk from one party to another, and making a client whole again after an incident. However, with the rapid rise of cyber threats, this approach is no longer sufficient. How do you recover from reputational damage and loss of customers after an incident? In order to deal with the current state of cybercrime, we need to shift our focus to include proactive risk mitigation as a way to reduce the likelihood of an incident occurring in the first place.