Business Maverick

BUSINESS MAVERICK

Hack attack: Department of Justice and SA Space Agency say no ransom demands made after IT breaches

Hack attack: Department of Justice and SA Space Agency say no ransom demands made after IT breaches
Adobe Stock | Unsplash | Shipping containers on the dockside at the Port of Durban, operated by Transnet in Durban, South Africa. (Photo: Waldo Swiegers / Bloomberg via Getty Images)

On Monday, 6 September, two South African government agencies were almost simultaneously hit by cyberattacks on their information systems. Although no clear link between the breaches at the SA National Space Agency and the Department of Justice has been established, no ransom demands were made on either of the agencies.

The South African National Space Agency (Sansa) told Business Maverick on Friday that the IT breach was only of publicly available information. 

“We received a notification that there was a possible breach of our IT system, but our internal investigations found that the data that was shared in the public domain comes from our FTP server, which is already in the public domain. So there was no breach of our firewall,” said a spokesperson at Sansa.

File Transfer Protocol (FTP) servers facilitate transfers of large data files across the internet, serving as the midpoint between uploading and downloading of information. There are concerns that its reliance on usernames and passwords for authentication leaves it open to basic cyberattacks. Sansa’s FTP server is not encrypted, heightening the risk of hacks. 

“The public server is not encrypted since it is normally only used for public domain files, and therefore made use of anonymous FTP access,” the Sansa official said.   

A leak site called CoomingProject posted some of the data online and boasted about the breach. The group seems to have recently emerged, initially targeting French-speaking European countries, but it is spreading its wings, saying online that it planned attacks on Iraq.      

“Sansa has not been contacted with any ransom demands. We actually learnt through the media about this organisation claiming responsibility. The data that was shared mostly consists of research data, some research papers and other miscellaneous files. There were some… that contained personal information, but we’re dealing with those issues,” said the Sansa representative. 

The Department of Justice confirmed on Thursday that its systems had been breached last Monday, leading to “all information systems being encrypted and unavailable to both internal employees as well as members of the public”. The department told Business Maverick it had not received any ransom demands.

“We haven’t paid and nobody has requested any money from us,” said Steve Mahlangu of the DOJ. “We don’t have any information for now (about the identity of the hackers). Our IT guys believe it was done through a phishing email.”

Cybersecurity experts have previously warned that such incidents would likely increase in SA with more focus on state entities, such as the July cyberattack on Transnet’s port facilities.

“Utilities and other national critical infrastructures are vulnerable to attacks because of the essential services they offer – be it water or electricity supply, or transport in the case of Transnet. They are often exclusive suppliers of these services, thus offering a single point of failure,” said Tiaan van Schalkwyk, a cyber risk specialist at Deloitte Africa.

Based on the trends we’re seeing, there is still some degree of indiscriminate attacks on state-owned companies, which means they were not specifically targeted but that the cyber-criminals opportunistically attacked them,” said van Schalkwyk.

A 2020 report by Interpol found that South Africa had suffered around $157-million (R2.2-billion) in economic losses due to cyberattacks. BM/DM

Gallery

Comments - Please in order to comment.

Please peer review 3 community comments before your comment can be posted

X

This article is free to read.

Sign up for free or sign in to continue reading.

Unlike our competitors, we don’t force you to pay to read the news but we do need your email address to make your experience better.


Nearly there! Create a password to finish signing up with us:

Please enter your password or get a sign in link if you’ve forgotten

Open Sesame! Thanks for signing up.

We would like our readers to start paying for Daily Maverick...

…but we are not going to force you to. Over 10 million users come to us each month for the news. We have not put it behind a paywall because the truth should not be a luxury.

Instead we ask our readers who can afford to contribute, even a small amount each month, to do so.

If you appreciate it and want to see us keep going then please consider contributing whatever you can.

Support Daily Maverick→
Payment options

Become a Maverick Insider

This could have been a paywall

On another site this would have been a paywall. Maverick Insider keeps our content free for all.

Become an Insider

Every seed of hope will one day sprout.

South African citizens throughout the country are standing up for our human rights. Stay informed, connected and inspired by our weekly FREE Maverick Citizen newsletter.