28 October 2016

‘Fire sale’ cybercrimes are real

The speakers at the Cybersecurity Critical Thinking Forum: Linda Khumalo

Anyone questioning the possibility of a cybercrime such as the one featured in the popular movie Die Hard 4 is in for a rude awakening. It is not only possible, but it has already happened.

A ‘fire sale’ is a three-stage cyber attack on a country’s computer infrastructure, shutting down all transportation systems such as traffic lights, railway, subway and airport systems, then disabling financial systems – stock exchanges, banks and finance houses – and then turning off public utility systems, such as electricity, gas, satellite and telecommunications. It is called a fire sale because “everything must go” and it can bring an economy to its knees.

One notable attack by the BlackEnergy trojan coincided with the Ukrainian elections in December 2015, with three Prykarpattya Oblenergo energy distribution companies hacked, 30 substations offlined and 230 000 residents stranded without electricity. Two months later, grid control centres were still not fully operational.

The Montana Health Department, eBay, Vietnam Airlines, Domino’s Pizza, American Airlines and Sabre Corp are also members of a growing club of companies that have been targeted. The problem is very real and attacks are target-specific, thoroughly planned and orchestrated well ahead of time.

According to Linda Khumalo, founder and chief executive of AlertingSA, every corner of the world is at war on this front, with millions of attacks on computers and mobile devices every hour.

Opening the first Mail & Guardian cybersecurity Critical Thinking Forum on 25 October, 2016 in Rosebank, Johannesburg, Khumalo said that all over the world, cybercrime and cybersecurity are serious challenges both companies and individuals are grappling with.

Malicious tasks

“Government has now recognised the seriousness of the situation and has put in various initiatives to deal with cybersecurity, but it cannot carry the burden of responsibility and needs to work with the private sector to create awareness,” said Khumalo. “It costs South Africa around R2.2-billion per annum and 8.8-million South Africans have fallen prey over the past year. Globally $500-billion plus is lost to cybercrime.”

Citing the South African Banking Risk Information Centre, Khumalo said that South Africa ranks third in the world for number of hacked devices, making South Africans a veritable harvest of zombie devices: devices that have been compromised and can be used to perform malicious tasks under remote direction, such as forwarding spam, spreading viruses and forming part of distributed denial of service (DDoS) attacks, where an online service is rendered unavailable by overwhelming it with traffic.

“We need to have confidence that we are using secure devices,” said Barend Taute, manager, ICT Contract R&D, CSIR Meraka Institute and chair of the National Cybersecurity Advisory Council of the Department of Telecommunications and Postal Services.

“Government has put into place the Cyber Response Committee to bring all responsible government departments together to leverage for the country. It has also put structures in place using the State Security and State Intelligence agencies and bringing in the Department of Justice and Correctional Services to ensure legislation is in place. The Cybercrimes and Cybersecurity Bill awaits cabinet approval and hopefully will be enacted next year.”

Awareness with the police on how to handle cybercrime is also very much top of mind, as is education around how to share appropriate information on social media and cell phones. South African task teams are collaborating with other cybersecurity crime fighters in other countries.

Taute stressed that key to the policy framework is the role of industry, which must work with government and share threat-related information in a trusted environment.

Blissfully unaware

In June this year, Kaspersky Lab researchers investigated a global forum where cybercriminals can buy and sell access to compromised servers for as little as R90 each. This marketplace appears to be run by a Russian group. These servers would affect consumers of all levels, from governments to private industry, to the private citizen – all remaining blissfully unaware.

Explains Yury Namestnikov, head of global research and analysis, Team Russia Kaspersky Lab: “Statistics indicate that every device in South Africa will have been attacked by some form of malware in the last three months.

“Mobile risks include ransomware, infected apps in official markets, mobile web browser hacking, remote device hijacking, data theft and mobile banking trojans. We now see in banking trojans, 25% targeting desktops and 75% mobile devices.

“The motivation is not just money. They are looking for innovations, blueprints, business plans, budgets and routes to shareholders and partners. They want digital certificates and credentials, scientific research results and physical access codes. The intent is to disrupt your business, damage its reputation and find ways to control your company.”

Namestnikov said that cybercriminals get into corporate systems through spear-phishing emails, social networks and instant messaging, watering holes (where attackers seek to compromise a group of end users by first infecting websites that members of the group are known to visit), hospitality networks, USB drives and even by replacing hardware a person has ordered with a version that is already infected.

The future of enterprise threats includes attacks with financial and espionage motives encompassing theft of trade secrets and intellectual property, stock manipulation, insider trading, targeted ransomware and DDoS attacks.

Readers who are still skeptical, or simply interested, can watch cyberattacks happening in real time at threatmap.fortiguard.com