An Analysis of Cyber-Incidents in South Africa
DOI:
https://doi.org/10.23962/10539/23573
Keywords:
advanced persistent threat, data breach, defacement, distributed denial of service, financial theft, system penetration
Abstract
Cybersecurity concerns are present in all nations, but the exact nature of the threats differs depending on the country and/or region. Therefore there is a need to assess the threats and impacts for specific countries. This article presents a high-level analysis of “newsworthy” cyber-incidents that affected South Africa. The 54 incidents that are considered are categorised according to impact type, perpetrator type, and victim type, and the trends are assessed. It was found that the most common impact type was data exposure, which was also one that had increased noticeably in recent years. The most prevalent perpetrator type was found to be hacktivists, which had also exhibited a recent increase in activity. A particularly concerning trend was the recent high number of incidents of data exposure caused by error, a trend running contrary to the drive to improve cybersecurity. It was also found that of the incidents considered, 54% targeted state-owned or political entities as victims. In general, the results appeared consistent with global reported trends.
Copyright (c) 2017 https://creativecommons.org/licenses/by/4.0

This work is licensed under a Creative Commons Attribution 4.0 International License.