Catastrophic global cyber event predicted as SA government faces increasing attacks — experts
One of the biggest business risks to South Africa is cybercrime and it is predicted that government departments will be increasingly attacked. Not even President Cyril Ramaphosa has been immune to cybercrooks. This is the warning from the Council for Scientific and Industrial Research.
Cybercrime costs the economy around R2.2-billion annually and it is one of the biggest threats to businesses in South Africa this year.
There are also probably going to be increased cyber attacks on government departments, according to the Council for Scientific and Industrial Research (CSIR).
On Tuesday 4 April, CSIR cybersecurity systems expert and research group leader, Billy Petzer, delivered a presentation on cybercrime in relation to South Africa and it revealed a rattling situation.
Top-ranked global target
The country is ranked sixth in the world in terms of cybercrime density — although Petzer said some sources placed the country as third globally.
South Africa is also the eighth most targeted nation in the world for ransomware.
The presentation Petzer delivered said that over the past year, ransomware affected more than half of South African firms.
On top of that, South Africa has the highest instance of business email compromise on the continent.
Read more in Daily Maverick: South Africa linked to Australian cybercrime after crackdown on stolen identities and money laundering
Cyberattacks were previously launched against Transnet, which caused ports to shut down, and several other government departments.
Five million consumers and the President
TransUnion was also affected.
In June last year it issued a statement saying: “Following the recent incident where a criminal third-party obtained access to an isolated TransUnion South Africa server, we are able to provide an update from our investigation.
“Our understanding is that data relating to 5 million consumers was potentially affected by the incident with a further 5.2 million consumers having had only ID numbers affected with no personal information linked to the ID number. For businesses, a total of 600,000 organisations were potentially affected by the incident.”
While delivering the CSIR presentation on Tuesday, Petzer said even “the President’s private information was leaked in the TransUnion data breach.”
It was reported at the time that a hacker group had threatened to release data relating to President Cyril Ramaphosa.
Petzer also referred to Ramaphosa as having been targeted via phone surveillance — it was previously reported that Pegasus spyware could have been used for this.
‘Catastrophic cyber event’
The CSIR presentation said that the World Economic Forum had identified cybercrime as one of the top 10 global risks.
According to the forum, identity theft was the biggest risk for 2023, followed by cyber extortion, financial and data loss due to cybercrimes, attacks on critical infrastructure, and geopolitical instability and cyberwarfare.
The CSIR’s presentation said that internationally, “geopolitical instability and the use of cyberwarfare are increasing.”
Petzer explained that Russia’s war on Ukraine was not just being fought via “boots on the ground,” but cyber activities were also involved.
The CSIR presentation continued: “93% of cyber leaders believe global geopolitical instability is likely to lead to a catastrophic cyber event in the next two years.”
Petzer said the challenges faced globally in terms of cybercrime were “compounded even further on a local level.”
In terms of South Africa, it was anticipated that there would be “a marked increase in attacks on government departments”.
Cyber-harassment and sextortion
Cybercrime, the CSIR presentation said, was also “marked as one of the biggest risk[s] to business in SA for 2023.”
It added that “the proliferation of ransomware will continue” and there would be a “further increase in cyber harassment, cyber extortion [and] sextortion.”
Petzer said such crimes, though, were underreported and often went unreported, due to reasons, especially when it came to sextortion, including embarrassment.
He explained that South Africa was “the most unequal country in the world” with high poverty and unemployment rates. This meant that the country did not have “the luxury” its European counterparts did in terms of resources allocated to tackling cybercrime.
The presentation said that there was a higher priority placed on addressing socio-economic challenges in South Africa than on technological challenges.
South Africa, though, was the most technologically advanced country on the continent with a “large youthful population,” a high level of internet access, and “high smartphone penetration”.
Few cybersecurity professionals
But the CSIR presentation said there were low levels of formal education in terms of cybercrime, the “general population [was] not tech-savvy,” and the country had few cybersecurity professionals.
These issues needed to be addressed.
Petzer emphasised that “cybersecurity is a shared responsibility”. This meant that individuals, the private and public sector, as well as government, needed to work together.
The CSIR, for example, was collaborating with entities including Eskom, the South African Reserve Bank, the Department of Health, the Tshwane University of Technology, and the South African Police Service.
Ear scans and fingerprints
During the presentation, Petzer outlined some homegrown technologies aimed at cracking down on cybercrime and enhancing other work.
The “Cyber Early Warning System,’ he said, could scan for cyberattacks and “warns a network administrator of threats via multiple channels”.
Biometrics for children, to identify them from “as early as 0 weeks old” could be done by comparing and analysing their fingerprints, ear shape and iris features.
Petzer said “ear scans” could be used like fingerprints to help identify children and address issues of mistaken or stolen identities.
The CSIR presentation also detailed what a “Veristic Print” was – an “end-to-end fingerprint biometrics capability” that “allows for contactless fingerprint acquisition.”
Its website went into more detail, saying: “The CSIR’s VeristicPrint biometric technology is an end-to-end biometric system that uses digital imaging devices such as smartphones, webcams and digital cameras to create fingerprint scanners.”
Petzer said it could be used for taking fingerprints from a crime scene without damaging the print. DM
Caryn Dolley has spent years tracing the footprints of crime/drug kingpins from across the world. In her latest book, Clash of the Cartels, Dolley provides unprecedented insight into how specific drug cartels and syndicates have operated via South Africa, becoming embroiled in deadly violence in the country and bolstering local criminal networks. Available now from the Daily Maverick Shop.