The Cyber Threat Landscape in South Africa: A 10-Year Review

Authors

DOI:

https://doi.org/10.23962/10539/32213

Keywords:

Cybersecurity, Cyber threats, Cyberattacks, Cyber incidents, Attack surface, Compromised websites, Cybercrime, Data exposure, System intrusion, Denial of service

Abstract

The world is witnessing a rise in cyber-related incidents. As information technology improves and the reliance on technology increases, the frequency and severity of cyber incidents escalate. The impact is felt globally, and South Africa is not immune to the effects. The country’s fast-paced technological evolution continues to increase the attack surface within the cyber domain. The increased attack surface is confirmed by recent cyberattacks affecting well-known and established South African organisations. This article reviews findings from an evaluation of South Africa’s cyber threat landscape that analysed 74 cyber incidents identified as occurring between 2010 and 2020. The 74 incidents are categorised according to incident type, affected sector, perpetrator type, and motivation. It is found that the most common incident type is data exposure, the most-affected sector is the public sector, the most prevalent perpetrators are hackers, and the most common motivation is criminal. The article makes recommendations about how South Africa can reduce the risk factors in its cyber threat landscape.

References

Bhagattjee, P., Govuza, A., & Westcott, R. (2021, June 9). Regulating the Fourth Industrial Revolution - South Africa’s Cybercrimes Bill is signed into law. Cliffe Dekker Hofmeyr.

Bing, C., & Kelly, S. (2021, May 8). Cyber attack shuts down U.S. fuel pipeline ‘jugular,’ Biden briefed. Reuters. https://www.reuters.com/technology/colonial-pipeline-halts-all-pipeline-operations-after-cybersecurity-attack-2021-05-08/

Brush, K. (n.d.). Cybercrime. TechTarget. https://searchsecurity.techtarget.com/definition/cybercrime

Burke, I., Motlhabi, M., Netshiya, R., & Pieterse, H. (2021). Lost packet warehousing service. In Proceedings of the 16th International Conference on Cyber Warfare and Security (pp. 501–508). ACI.

BusinessTech. (2014, October 30). Vodacom exposing subscriber details. https://businesstech.co.za/news/mobile/72054/vodacom-exposing-subscriber-details/

BusinessTech. (2016, February 16). Hackers leak SA government’s sensitive financial data. https://businesstech.co.za/news/government/112817/hackers-leak-sa-governments-sensitive-financial-data/

Duffy, C. (2021, March 10). Here’s what we know so far about the massive Microsoft Exchange hack. CNN. https://edition.cnn.com/2021/03/10/tech/microsoft-exchange-hafnium-hack-explainer/index.html

Dullabh, R., & Gabryk, N. (2021, April 13). South Africa: Preparing for POPIA: Data breach response. Mondaq. https://www.mondaq.com/southafrica/data-protection/1055314/preparing-for-popia-data-breach-response

Eaton, C., & Volz, D. (2021, May 19). Colonial Pipeline CEO tells why he paid hackers a $4.4 million ransom. Wall Street Journal. https://www.wsj.com/articles/colonialpipeline-ceo-tells-why-he-paid-hackers-a-4-4-million-ransom-11621435636

Gandhi, R. A., Sharma, A., Mahoney, W., Sousan, W., Zhu, Q., & Laplante, P. A. (2011). Dimensions of cyber-attacks: Cultural, social, economic, and political. IEEE Technology and Society Magazine, 30(1), 28–38. https://doi.org/10.1109/MTS.2011.940293

Goldstuck, A. (2021, August 1). Transnet cyber hack a warning of risk to SA. BusinessLive. https://www.businesslive.co.za/bt/business-and-economy/2021-08-01-transnetcyber-hack-a-warning-of-risk-to-sa/

ITWeb. (2020, June 14). Postbank to replace 12m bank cards after security breach. https://www.itweb.co.za/content/nWJadvbekrmqbjO1

Kakareka, A. (2014). Detecting system intrusions. In J. R. Vacca (Ed.), Network and system security (2nd ed.) (pp. 1–27). Syngress.

https://doi.org/10.1016/B978-0-12-416689-9.00001-0

Kumar, R., Raj, P., & Perianayagam, J. (2019). A framework to detect compromised websites using link structure anomalies. In S. Omar, S. W. Haji, & S. Phon-Amnuaisuk (Eds.), Advances in intelligent systems and computing: Proceedings of the Computational Intelligence in Information Systems conference (CIIS 2018) (pp. 72–84). Springer. https://doi.org/10.1007/978-3-030-03302-6_7

Mcanyana, W., Brindley, C., & Seedat, Y. (2020). Insight into the cyberthreat landscape in South Africa. Accenture.

McKane, J. (2020a, November 10). ANC Youth League website hacked. MyBroadband. https://mybroadband.co.za/news/government/374940-anc-youth-league-websitehacked.html

McKane, J. (2020b, November 30). Absa hit by data breach. MyBroadband. https://mybroadband.co.za/news/security/378358-absa-hit-by-data-breach.html

Mikhaylova, G. (2014). The “Anonymous” movement: Hacktivism as an emerging form of political participation. Texas State University, San Marcos.

Moyo, A. (2017, June 29). DBE web site hacked, pro-Islamic State messages posted. ITWeb. https://www.itweb.co.za/content/x4r1lyMRgpjqpmda

Moyo, A. (2019a, October 25). City of Joburg hit by cyber attack. ITWeb. https://www.itweb.co.za/content/dgp45qaG8gZ7X9l8

Moyo, A. (2019b, October 25). Bad day for SA’s cyber security as banks suffer DDoS attacks. ITWeb. https://www.itweb.co.za/content/LPp6V7r4OVzqDKQz

Moyo, A. (2019c, September 13). Garmin SA hacked, exposing users’ credit card details. ITWeb. https://www.itweb.co.za/content/O2rQGMApY5G7d1ea

Moyo, A. (2019d, October 28). Liquid Telecom, Webafrica hit by DDoS attacks. ITWeb. https://www.itweb.co.za/content/GxwQDM1A339MlPVo

Moyo, A. (2020a, August 19). Experian hacked, 24m personal details of South Africans exposed. ITWeb. https://www.itweb.co.za/content/rxP3jqBmNzpMA2ye

Moyo, A. (2020b, February 5). Tracker hack hints at more ransomware attacks in SA. ITWeb. https://www.itweb.co.za/content/LPp6VMr4YxNvDKQz

Moyo, A. (2021, July 22). Transnet suffers “disruption” of IT systems. ITWeb. https://www.itweb.co.za/content/wbrpOqgYAwY7DLZn

Muller, R. (2013, December 30). My Vodacom security flaw exposes subscriber details. MyBroadband. https://mybroadband.co.za/news/security/94234-my-vodacom-security-flaw-exposes-subscriber-details.html

Mungadze, S. (2020, June 9). Life Healthcare Group hit by cyber attack amid COVID-19. ITWeb. https://www.itweb.co.za/content/JBwErvnBK4av6Db2

MyBroadband. (2012, December 9). South African websites hacked. https://mybroadband.co.za/news/security/66474-south-african-websites-hacked.html

MyBroadband. (2014, September 21). Mass hacking of South African websites. https://mybroadband.co.za/news/security/110316-mass-hacking-of-south-african-websites.html

MyBroadband. (2016, May 30). MTN exposing subscribers’ personal details online. https://mybroadband.co.za/news/cellular/166734-mtn-exposing-subscribers-personal-details-online.html

MyBroadband. (2017, May 21). Telkom systems crippled by WannaCry ransomware. https://mybroadband.co.za/news/security/211576-telkom-systems-crippled-by-wannacry-ransomware.html

MyBroadband. (2018, July 7). South African presidency website hacked. https://mybroadband.co.za/news/security/267491-south-african-presidency-website-hacked.html

Mzekandaba, S. (2019, July 23). SASSA web site remains down after hack. ITWeb. https://www.itweb.co.za/content/rxP3jqBpVJ27A2ye

Ngqakamba, S. (2021, September 9). Justice department’s IT system brought down in ransomware attack. News24. https://www.news24.com/news24/southafrica/news/justice-departments-it-system-brought-down-in-ransomware-attack-20210909

Rawlins, L. K. (2017, June 28). Hackers again prove their global power. ITWeb. https://www.itweb.co.za/content/nLPp6VMrdbzvDKQz

Republic of South Africa (RSA). (2013). Protection of Personal Information Act (POPIA) 4 of 2013.

Sabillon, R., Cano, J., Cavaller, V., & Serra, J. (2016). Cybercrime and cybercriminals: A comprehensive study. International Journal of Computer Networks and Communications Security, 4(6), 165–176.

Slabbert, A., & Peyper, L. (2021, August 1). Transnet attack is cyber warfare. City Press. https://www.news24.com/citypress/business/transnet-attack-is-cyber-warfare-20210801

Trautman, L. J., & Ormerod, P. (2019). Wannacry, ransomware, and the emerging threat to corporations. Tennessee Law Review, 86(503), 504–556. https://doi.org/10.2139/ssrn.3238293

Trend Micro. (2017). Ransomware: Past, present, and future. https://documents.trendmicro.com/assets/wp/wp-ransomware-past-present-and-future.pdf

Van Heerden, R. P., Irwin, B., Burke, I. D., & Leenen, L. (2012). A computer network attack taxonomy and ontology. International Journal of Cyber Warfare and Terrorism (IJCWT), 2(3), 12–25. https://doi.org/10.4018/ijcwt.2012070102

Van Heerden, R. P., Von Soms, S., & Mooi, R. (2016). Classification of cyber attacks in South Africa. In IEEE (Ed.), 2016 IST-Africa Week Conference (pp. 1–16). https://doi.org/10.1109/ISTAFRICA.2016.7530663

Van Niekerk, B. (2017). An analysis of cyber-incidents in South Africa. The African Journal of Information and Communication (AJIC), 20, 113–132. https://doi.org/10.23962/10539/23573

Vermeulen, J. (2016, February 12). Massive number of South African websites hacked by Anonymous. MyBroadband. https://mybroadband.co.za/news/security/155040-massive-number-of-south-african-websites-hacked-by-anonymous.html

Vermeulen, J. (2019, November 25). Massive DDoS attacks – South African internet providers crippled. MyBroadband. https://mybroadband.co.za/news/internet/329539-massive-ddos-attacks-south-african-internet-providers-crippled.html

Vermeulen, J. (2020a, May 27). Data leak on UIF COVID-19 relief scheme website. MyBroadband. https://mybroadband.co.za/news/cloud-hosting/353473-data-leak-onuif-covid-19-relief-scheme-website.html

Vermeulen, J. (2020b, October 1). Ransomware group claims hack on Office of the Chief Justice. MyBroadband. https://mybroadband.co.za/news/security/369503-ransomware-group-claims-hack-on-office-of-the-chief-justice.html

Vermeulen, J. (2020c, November 7). Ransomware group releases data after attack on Office of the Chief Justice. MyBroadband. https://mybroadband.co.za/news/security/374310-ransomware-group-releases-data-after-attack-on-office-of-the-chief-justice.html

Willett, M. (2021). Lessons of the SolarWinds hack. Survival, 63(2), 7–26. https://doi.org/10.1080/00396338.2021.1906001

Wyatt, M. (2021, March 16). Responding to the Microsoft Exchange Hack. Wall Street Journal Pro Cybersecurity Research.

Downloads

Published

06-12-2021

Issue

Section

Research Articles

How to Cite

“The Cyber Threat Landscape in South Africa: A 10-Year Review” (2021) The African Journal of Information and Communication (AJIC) [Preprint], (28). doi:10.23962/10539/32213.
Views
  • Abstract 4686
  • PDF 2208