Arrests in cyber extortion probe hailed

Experts have warned businesses and consumers to be on high alert as the festive season comes with increased cybersecurity risks.

Experts have warned businesses and consumers to be on high alert as the festive season comes with increased cybersecurity risks.

Published Dec 18, 2023


While the Hawks have set their sights on arresting more suspects linked to an ongoing cyber extortion-related probe, experts have warned businesses and consumers to be on high alert as the festive season comes with increased cybersecurity risks.

This follows the arrest of a current and an ex-employee of an omni channel payment solution company, who allegedly loaded software on to the firm’s system, opening the floodgates for cyber-extortion.

The two suspects are due in the Wynberg Magistrate’s Court on Monday, with more arrests expected to follow.

A multidisciplinary team comprising the Hawks based in Bellville, Crime Intelligence and the Tactical Response Team in the Western Cape on Thursday apprehended the two, aged 34 and 42, for contravention of the Cybercrimes Act 19 of 2020.

The suspects, a current and a former employee of Ecentric, a multichannel sales and marketing payment solutions partner that provides clients with payment processing software for in-store and online payments, allegedly loaded software on to Ecentric’s system, which allowed remote access.

“Their actions led to an unknown person making contact with Ecentric indicating that they had compromised various aspects of Ecentric’s IT environments and demanding a ransom.

“Threats were made that if the ransom was not paid, all the data would be published on every platform, including their gateway competitors, stakeholders, the public and Ecentric’s regulators,” said Hawks spokesperson, Siyabulela Vukubi.

He said the cyber-extortion continued and the unknown person made further threats that if the payment of US dollars converted to bitcoin was not met, action would be taken to prove the data breach and hack.

“Their clients ran at a loss of R794 808. This was brought to the attention of the Hawks, who after prompt investigation, identified and apprehended the two suspects,” he said.

From cybersecurity special interest group, SIGCyber, of the Institute of Information Technology Professionals South Africa (IITPSA), committee member and chief revenue officer of Wolfpack Information Risk Bryan Baxter said cyber-extortion is where criminals take advantage of vulnerabilities in IT systems to gain unauthorised access to valuable and sensitive data assets.

“They then demand a ransom to prevent public disclosure and or destruction of the information. The most prevalent form of this extortion is ransomware.

“Data is encrypted and then exfiltrated. Should the ransom not be paid, the attack renders the victim’s IT systems inoperable and the data is sold or made available on the dark web.

“This type of attack can have adverse effects on business. A cybersecurity breach can result in significant financial losses for a business, including the costs associated with investigating the breach, restoring systems and data, and compensating affected customers.”

He said leaked data could also be used for secondary attacks.

“The Financial Sector Conduct Authority (FSCA) and the South African Reserve Bank (SARB) have released a Joint Standard on Cybersecurity and Cyber Resilience.

“This has excellent advice for financial institutions to prevent cybercrime and/or to reduce its impact, (like) set minimum standards for sound practices and processes for cybersecurity and cyber-resilience.

“This includes regular education of all users on cybersecurity threats and how to prevent falling victim to cybercrime.

“Targeted training should be provided to high-risk groups such as HR on the importance of conducting background checks before employing staff, as well as effective off-boarding processes once staff have left,” said Baxter.

Royal Private Investigation and Surveillance firm lead investigator, John Alexander, said cyber-extortion has surged in South Africa, aided by the use of artificial intelligence and deep fakes.

During the festive season, he said, criminals were particularly active, targeting payment systems, intercepting invoices, and manipulating bank account information.

“The scale of cybercrimes has never been so alarming. Yet, there’s a glimmer of hope. Our courts, particularly the Specialised Commercial Crime Courts, are starting to grapple with these intricate cyber cases.

“Regrettably, the SAPS lacks the expertise and resources needed to effectively tackle complex cybercrimes.

They’re inundated with cases deemed ‘more critical’.

“Cyber extortion, in particular, presents a daunting challenge – it’s a ‘faceless crime’. Many cases remain unsolved due to their time-sensitive nature. However, we’ve found that timely reporting provides leads crucial for identifying suspects and making arrests.”

Just last week, the Special Investigating Unit (SIU) enlisted the assistance of international crime-fighting organs to strengthen the unit’s investigating tools to combat internet-based crime.

The memorandum of understanding (MoU) means that the SIU will be working with Interpol National Central Bureau (NCB) for direct access to Interpol‘s Information System.

SIGCyber chairperson and professor at the Centre for Research in Information and Cyber Security at Nelson Mandela University, Professor Kerry-Lynn Thomson, said the festive season came with increased activity from social engineers and cybercriminals.

“Social engineering attacks during the festive season often take advantage of increased online activity and shopping to manipulate individuals into taking actions or divulging sensitive information, typically for malicious purposes.

“To avoid becoming a victim of cybercrime over the festive season, it is really important for individuals to exercise caution when receiving unsolicited emails or messages.

“When making donations or purchases, individuals must use official websites and verified payment methods to ensure security,” Thomson said.

Ecentric did not respond to requests for comment by deadline on Sunday.

Cape Times