An Analysis of Cyber-Incidents in South Africa

DOI:

https://doi.org/10.23962/10539/23573

Keywords:

advanced persistent threat, data breach, defacement, distributed denial of service, financial theft, system penetration

Abstract

Cybersecurity concerns are present in all nations, but the exact nature of the threats differs depending on the country and/or region. Therefore there is a need to assess the threats and impacts for specific countries. This article presents a high-level analysis of “newsworthy” cyber-incidents that affected South Africa. The 54 incidents that are considered are categorised according to impact type, perpetrator type, and victim type, and the trends are assessed. It was found that the most common impact type was data exposure, which was also one that had increased noticeably in recent years. The most prevalent perpetrator type was found to be hacktivists, which had also exhibited a recent increase in activity. A particularly concerning trend was the recent high number of incidents of data exposure caused by error, a trend running contrary to the drive to improve cybersecurity. It was also found that of the incidents considered, 54% targeted state-owned or political entities as victims. In general, the results appeared consistent with global reported trends.

Published

23-12-2017

Section

Focus Section on Cybersecurity

How to Cite

Van Niekerk, B. (2017) “An Analysis of Cyber-Incidents in South Africa”, The African Journal of Information and Communication (AJIC) [Preprint], (20). doi:10.23962/10539/23573.