There was a time when a badly worded sentence in a subject line was enough to identify a scam e-mail, but those days are fast disappearing.
AI and with it the likes of ChatGPT are allowing confidence tricksters to write better e-mails that are fooling victims into falling for romance scams, and opening them up to ransomware attacks and identity theft.
South Africa is already in the crosshairs of cybercriminals, with increasing attacks on government institutions and corporations. Experts believe it is only going to get worse. Last week the Companies & Intellectual Property Commission came under cyberattack and joined a growing list of local companies that have experienced recent security breaches.
One of the better known incidents was a ransomware attack on Transnet in 2021. As is typical, the attackers encrypted files on the transport authority’s computer system, preventing employees from accessing them. The criminals also sent instructions on how to pay the ransom. Six days after the attack began, the department of public enterprises declared that operations had been restored at the ports and that none of Transnet’s clients’ data had been compromised in the attack. Public enterprises minister Pravin Gordhan later said no ransom was paid.
“Since Transnet there has been more of a focus on Africa,” says Joey Jansen van Vuuren, professor of computer science at Tshwane University of Technology. “They see Africans as not being as cyber-aware as elsewhere.”
South Africa, according to the latest State of Ransomware 2023 survey, has experienced one of the largest increases in such cyberattacks over the past year. The survey, commissioned by the cybersecurity company Sophos, found that South African companies and institutions experienced a jump in cyberattacks, from 51% of organisations surveyed in 2022 to 78% in 2023. Of those attacked, 45% said they paid the ransom.
This global increase in ransomware attacks has spawned the growth of a new professional — the ransomware negotiator, who haggles with the criminals to secure a lower price.
An advisory released by the South African Cybersecurity Hub, which falls under the department of communications & digital technologies, suggests companies should plan for a worst-case scenario where they do an estimate of costs that would include responders, negotiators and recovery of data.
E-mails, says Jansen van Vuuren, are still the weapon of choice for many of these cybercriminals, carrying 92% of malware used in cyberattacks.
Zamani Ngidi, senior client manager: cyber solutions at Aon South Africa, says the higher value of bitcoin, the hard-to-track preferred currency of attackers, will also fuel an increase in ransomware attacks.
Ransomware criminals are also now double-dipping, says cybercrime expert Jacques van Heerden. “First they extort the company, then they go after the company’s customers.”
A new worrying trend, says Jansen van Vuuren, is that ransomware can jump and encrypt information that is not properly protected in the cloud.
But while new technology is coming into play, the success of cybercons still relies heavily on human ingenuity. Social media, says Sharon Knowles of Da Vinci Forensics & CyberSecurity Specialists, is an increasingly important tool in the attacker’s arsenal, particularly when it comes to identity theft. Criminals scour social media in the hope of finding information they can use to trick a victim into opening an e-mail.
Cyberattackers have also started specialising in targeting various sectors within the economy. An emerging trend is hitting educational institutions, with at least three or four known attacks on universities over the past six months, according to Jansen van Vuuren.
“They target educational institutions because how do you control 50,000 students and 6,000 or 7,000 staff and make sure they follow protocol?” she says.
In the near future AI is expected to make the work of cybersecurity personnel even more difficult. AI-generated images may still be easy to spot, but Knowles believes this will soon change. Already, doctored voice notes have been used in scams over social media.
But there is help, Knowles says, AI can also be used in the fight against cybercrime. “There is the good, you can analyse vast amounts of data that might indicate a threat and it would be faster than a human analyst.”
But the problem experts agree on is that while these new hacking technologies are likely to radically change the cyberprotection industry, most South Africans still need to get the basics right when it comes to protecting their data. “They don’t want to understand cybersecurity,” says Van Heerden. “You still have people using ‘Password123’ as their password, though the trend for the new year is to make it ‘Password2024’.”
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.