The Cyber Threat Landscape in South Africa: A 10-Year Review
Keywords: Cybersecurity, Cyber threats, Cyberattacks, Cyber incidents, Attack surface, Compromised websites, Cybercrime, Data exposure, System intrusion, Denial of service
The world is witnessing a rise in cyber-related incidents. As information technology improves and the reliance on technology increases, the frequency and severity of cyber incidents escalate. The impact is felt globally, and South Africa is not immune to the effects. The country’s fast-paced technological evolution continues to increase the attack surface within the cyber domain. The increased attack surface is confirmed by recent cyberattacks affecting well-known and established South African organisations. This article reviews findings from an evaluation of South Africa’s cyber threat landscape that analysed 74 cyber incidents identified as occurring between 2010 and 2020. The 74 incidents are categorised according to incident type, affected sector, perpetrator type, and motivation. It is found that the most common incident type is data exposure, the most-affected sector is the public sector, the most prevalent perpetrators are hackers, and the most common motivation is criminal. The article makes recommendations about how South Africa can reduce the risk factors in its cyber threat landscape.
Copyright (c) 2021 Heloise Pieterse
This work is licensed under a Creative Commons Attribution 4.0 International License.