Hack attack: Department of Justice and SA Space Agency say no ransom demands made after IT breaches
On Monday, 6 September, two South African government agencies were almost simultaneously hit by cyberattacks on their information systems. No clear link between the breaches at the SA National Space Agency and the Department of Justice has been established, and no ransom demands were made on either agency.
The South African National Space Agency (Sansa) told Business Maverick on Friday that the IT breach was only of publicly available information.
“We received a notification that there was a possible breach of our IT system, but our internal investigations found that the data that was shared in the public domain comes from our FTP server, which is already in the public domain. So there was no breach of our firewall,” said a spokesperson at Sansa.
File Transfer Protocol (FTP) servers facilitate transfers of large data files across the internet, serving as the midpoint between the uploading and downloading of information. There are concerns that the protocol’s reliance on usernames and passwords for authentication leaves it open to basic cyberattacks. Sansa’s FTP server is not encrypted, heightening the risk of hacks.
“The public server is not encrypted since it is normally only used for public domain files, and therefore made use of anonymous FTP access,” the Sansa official said.
A leak site called CoomingProject posted some of the data online and boasted about the breach. The group seems to have recently emerged, initially targeting French-speaking European countries, but it is spreading its wings, saying online that it planned attacks on Iraq.
“Sansa has not been contacted with any ransom demands. We actually learnt through the media about this organisation claiming responsibility. The data that was shared mostly consists of research data, some research papers and other miscellaneous files. There were some… that contained personal information, but we’re dealing with those issues,” said the Sansa representative.
The Department of Justice confirmed on Thursday that its systems had been breached last Monday, leading to “all information systems being encrypted and unavailable to both internal employees as well as members of the public”. The department told Business Maverick it had not received any ransom demands.
“We haven’t paid and nobody has requested any money from us,” said Steve Mahlangu of the DOJ. “We don’t have any information for now (about the identity of the hackers). Our IT guys believe it was done through a phishing email.”
Cybersecurity experts have previously warned that incidents such as the July cyberattack on Transnet’s port facilities would likely increase in SA, with more focus on state entities.
“Utilities and other national critical infrastructures are vulnerable to attacks because of the essential services they offer – be it water or electricity supply, or transport in the case of Transnet. They are often exclusive suppliers of these services, thus offering a single point of failure,” said Tiaan van Schalkwyk, a cyber risk specialist at Deloitte Africa.
“Based on the trends we’re seeing, there is still some degree of indiscriminate attacks on state-owned companies, which means they were not specifically targeted but that the cyber-criminals opportunistically attacked them,” said van Schalkwyk.
A 2020 report by Interpol found that South Africa had suffered around $157-million (R2.2-billion) in economic losses due to cyberattacks. BM/DM