The dangers of how brazen attackers had become were highlighted by this week’s cybercrime assault on eThekwini city manager Sipho Nzuza.
The city has confirmed that the suspected fraud is being investigated by its Integrity and Investigations Unit after DA councillor Marlaine Nair brought the matter to its attention.
A construction director, who chose to remain anonymous, sent a copy of an email to Nair which was purportedly received from Nzuza in which reference was made to a construction tender. In the email, the director was asked to contact Nzuza by 10 am. When he contacted the person posing as Nzuza, the director was asked to pay R100000 into an account. He referred the matter to his lawyer.
Email attacks are often the first point of contact for cybercriminals who are either looking to steal information or make direct profit.
Global specialists in email security, Mimecast’s cybersecurity strategist Matthew Gardiner, said its latest risk assessment report indicated an 80% increase in impersonation attacks compared with its previous quarterly assessment.
“Targeted malware, heavily socially-engineered impersonation attacks and phishing threats are still reaching employee inboxes. This leaves organisations at risk of a data breach and financial loss.
“Our latest analysis saw a continued attacker focus on impersonation attacks,” said Gardiner.
The Ponemon Institute’s 2018 Cost of a Data Breach Study found that the average cost in South Africa is R36.5million, up from R32m in 2017.
When insurance giant Liberty Life was hacked earlier this year, R1.68billion was wiped off the firm’s R34bn market value.
Mimecast’s KwaZulu-Natal general manager Paul Stafford said 92% of cybercrime started with the email process. “It is the most pervasive corporate information service,” he said.
The increase in supply chain fraud targeting payments was “huge, or alternatively, an attack can involve important data being encrypted and then having to pay a lot to get data back.
“There is also the cost of brand damage when news of a cyber attack is released,” said Stafford.
When it comes to personal emails, Alto Africa chief technology officer Oliver Potgieter said cybercrime technology had moved on from the target having to click on links for a hacker to get a password.
He highlighted an email currently being circulated which attempts to blackmail the target who is accused of downloading pornography.
The email starts with “I am aware that (actual password) is one of your passwords”.
“Phishing has always been about trying to get your password. Now they are leading the email message with your password straight off the bat to establish credibility. The password used is actually correct (or was). We believe this password information in these recent instances has been from hacks such as the Ashley Maddison hack of 2015.
“There is also nothing in this email that causes it to be blocked by normal spam protection - no links, no malware, no attachments,” said Potgieter.
Payment demanded is often in a cryptocurrency such as Bitcoin, which cannot be traced.
Director of Nemisa KZN e-Skills Colab in Durban, Dr Colin Thakur, said many people now had email on mobile devices.
“We have moved away from the workstations and the consequence of a mobile access point is that we are on the servers permanently. You don’t even have to get hacked,” he said.
Thakur and Stafford warned that cybercrime was also carried out through USB devices, which could be dropped close to a person who then presumed it was their USB device.
“You put it in (to a laptop) and every keystroke you do is picked up, whether it’s your password or other critical information.
“When it comes to creating a fraudulent account, the hacker simply has to transpose two letters. Your eyes will auto-correct the error and every hacker knows that’s what you’ll do.
“It’s such a basic level of fraud, people don’t believe it can happen, but it does,” said Thakur.