Get more Mail & Guardian
Subscribe or Login

Beware, the cybervirus criminals want you

This week the owners of the popular video chat app, Houseparty, offered $1-million to anyone who has evidence that downloading the app has led to other services being hacked.

The United States-based firm, Epic Games, said “hacking rumours were spread by a paid commercial smear campaign to harm Houseparty” and assured its users that none of its data had been breached.

During a time when most governments around the world, including South Africa, have implemented partial or full lockdowns in a bid to curb the spread of Covid-19, Houseparty has been a useful app for those who want to connect with their families and friends. The BBC reported that “downloads of the app rose from an average of 130 000 a week mid-February to two million a week in the middle of March”, according to Apptopia.

Although Epic Games has denied that its app is behind the hacking of  many social media users accounts on other platforms such as Netflix and Spotify, the data breach scare is an illustration of many people’s heightened awareness of the possible unauthorised access and use of their information.

The clampdown on social and work life has seen people increasingly working from home. This, coupled with children being at home and requiring home-streaming videos and other digital entertainment has made securing data even more critical. Companies, households and individuals are all at increased risk of cyberattacks as the move to digital and voice communication increases.

During times of crisis, people turn to trusted sources for accurate information. This leaves them vulnerable to cybercriminals who “exploit human weakness to penetrate systemic defences”, the World Health Organisation (WHO) has warned.

With an increased reliance on technology during lockdowns, there is a greater risk of a company’s network being accessed from any location. Employees are also vulnerable while they work away from the office.

Aside from complying with the law, securing data is critical given the financial implications that a breach may have.

According to the latest annual Cost of a Data Breach Report, by the US-based Ponemon Institute, the average cost of a data breach for South African companies is about R43,3-million. This is almost twice the international benchmark, which is about R22-million.

Methods used by cybercriminals include impersonating official websites such as the WHO and South Africa’s National Institute for Communicable Diseases to steal email credentials and even request Bitcoin donations claiming they will be used to fund research for a Covid-19 vaccine, says Eric McGee of Deloitte Risk Advisory Services.

covid-19 in sa

McGee says cybercriminals may also use phishing schemes to trick their victim into acting on their request. This comes in the form of messages about loved ones and often requires the victim to act with a sense of urgency.

On Monday, the security awareness company KnowBe4 said it had discovered a new phishing scheme in which people are told that they’ve been in contact with a  loved one who has contracted Covid-19. The email instructs them to download an attachment and proceed immediately to the hospital.

“The victim is instructed to fill out a pre-filled Excel form, which is actually a macro-laden Office document that serves as a trojan downloader and is currently only detected by a handful of anti-virus applications,” KnowBe4 said.

Lize Barclay, a lecturer in futures studies and systems thinking at the University of Stellenbosch Business School, says fraud reports related to Covid-19 may have increased by as much as 400% in March alone

To protect employees from possible cybercrimes, Barclay says businesses should reinforce cybercrime awareness among their employees. Setting up a VPN (virtual private network) would add an additional layer of security.

“With people working from home, the border between company property and personal property has been blurred, from the perspective of the employee, and it is that blurring of the lines that are being exploited,” she says.

Although South African law does not specifically impose a duty to implement cybersecurity measures in an organisation, Barclay says the Protection of Personal Information Act might provide guidance  to deal with specific data breaches.

“The Cybercrimes Bill of South Africa might provide additional recourse as well. However, with all viruses, be that COVID-19 or cyberviruses, prevention is much more prudent than trying to find a cure.”

Thando Maeko is an Adamela Trust business reporter at the Mail & Guardian

Subscribe for R500/year

Thanks for enjoying the Mail & Guardian, we’re proud of our 36 year history, throughout which we have delivered to readers the most important, unbiased stories in South Africa. Good journalism costs, though, and right from our very first edition we’ve relied on reader subscriptions to protect our independence.

Digital subscribers get access to all of our award-winning journalism, including premium features, as well as exclusive events, newsletters, webinars and the cryptic crossword. Click here to find out how to join them and get a 57% discount in your first year.

Thando Maeko
Thando Maeko is an Adamela Trust business reporter at the Mail & Guardian

Related stories


If you’re reading this, you clearly have great taste

If you haven’t already, you can subscribe to the Mail & Guardian for less than the cost of a cup of coffee a week, and get more great reads.

Already a subscriber? Sign in here


Subscribers only

Fears of violence persist a year after the murder of...

The court battle to stop coal mining in rural KwaZulu-Natal has heightened the sense of danger among environmental activists

Data shows EFF has lower negative sentiment online among voters...

The EFF has a stronger online presence than the ANC and Democratic Alliance

More top stories

Kenya’s beach boys fall into sex tourism, trafficking

In the face of their families’ poverty, young men, persuaded by the prospect of wealth or education, travel to Europe with their older female sponsors only to be trafficked for sex

High court reinstates Umgeni Water board

The high court has ruled that the dissolution of the water entity’s board by Minister Lindiwe Sisulu was unfair and unprocedural

Mkhize throws the book at the Special Investigating Unit

It’s a long shot at political redemption for the former health minister and, more pressingly, a bid to avert criminal charges

press releases

Loading latest Press Releases…