Get more Mail & Guardian
Subscribe or Login

Beware, the cybervirus criminals want you

This week the owners of the popular video chat app, Houseparty, offered $1-million to anyone who has evidence that downloading the app has led to other services being hacked.

The United States-based firm, Epic Games, said “hacking rumours were spread by a paid commercial smear campaign to harm Houseparty” and assured its users that none of its data had been breached.

During a time when most governments around the world, including South Africa, have implemented partial or full lockdowns in a bid to curb the spread of Covid-19, Houseparty has been a useful app for those who want to connect with their families and friends. The BBC reported that “downloads of the app rose from an average of 130 000 a week mid-February to two million a week in the middle of March”, according to Apptopia.

Although Epic Games has denied that its app is behind the hacking of  many social media users accounts on other platforms such as Netflix and Spotify, the data breach scare is an illustration of many people’s heightened awareness of the possible unauthorised access and use of their information.

The clampdown on social and work life has seen people increasingly working from home. This, coupled with children being at home and requiring home-streaming videos and other digital entertainment has made securing data even more critical. Companies, households and individuals are all at increased risk of cyberattacks as the move to digital and voice communication increases.

During times of crisis, people turn to trusted sources for accurate information. This leaves them vulnerable to cybercriminals who “exploit human weakness to penetrate systemic defences”, the World Health Organisation (WHO) has warned.

With an increased reliance on technology during lockdowns, there is a greater risk of a company’s network being accessed from any location. Employees are also vulnerable while they work away from the office.

Aside from complying with the law, securing data is critical given the financial implications that a breach may have.

According to the latest annual Cost of a Data Breach Report, by the US-based Ponemon Institute, the average cost of a data breach for South African companies is about R43,3-million. This is almost twice the international benchmark, which is about R22-million.

Methods used by cybercriminals include impersonating official websites such as the WHO and South Africa’s National Institute for Communicable Diseases to steal email credentials and even request Bitcoin donations claiming they will be used to fund research for a Covid-19 vaccine, says Eric McGee of Deloitte Risk Advisory Services.

covid-19 in sa

McGee says cybercriminals may also use phishing schemes to trick their victim into acting on their request. This comes in the form of messages about loved ones and often requires the victim to act with a sense of urgency.

On Monday, the security awareness company KnowBe4 said it had discovered a new phishing scheme in which people are told that they’ve been in contact with a  loved one who has contracted Covid-19. The email instructs them to download an attachment and proceed immediately to the hospital.

“The victim is instructed to fill out a pre-filled Excel form, which is actually a macro-laden Office document that serves as a trojan downloader and is currently only detected by a handful of anti-virus applications,” KnowBe4 said.

Lize Barclay, a lecturer in futures studies and systems thinking at the University of Stellenbosch Business School, says fraud reports related to Covid-19 may have increased by as much as 400% in March alone

To protect employees from possible cybercrimes, Barclay says businesses should reinforce cybercrime awareness among their employees. Setting up a VPN (virtual private network) would add an additional layer of security.

“With people working from home, the border between company property and personal property has been blurred, from the perspective of the employee, and it is that blurring of the lines that are being exploited,” she says.

Although South African law does not specifically impose a duty to implement cybersecurity measures in an organisation, Barclay says the Protection of Personal Information Act might provide guidance  to deal with specific data breaches.

“The Cybercrimes Bill of South Africa might provide additional recourse as well. However, with all viruses, be that COVID-19 or cyberviruses, prevention is much more prudent than trying to find a cure.”

Thando Maeko is an Adamela Trust business reporter at the Mail & Guardian

Subscribe to the M&G

Thanks for enjoying the Mail & Guardian, we’re proud of our 36 year history, throughout which we have delivered to readers the most important, unbiased stories in South Africa. Good journalism costs, though, and right from our very first edition we’ve relied on reader subscriptions to protect our independence.

Digital subscribers get access to all of our award-winning journalism, including premium features, as well as exclusive events, newsletters, webinars and the cryptic crossword. Click here to find out how to join them and receive a 40% discount on our annual rate..

Thando Maeko
Thando Maeko is an Adamela Trust business reporter at the Mail & Guardian

Related stories


Subscribers only

Q&A Sessions: Zanele Mbuyisa — For the love of people-centred...

She’s worked on one of the biggest class-action cases in South Africa and she’s taken on Uber: Zanele Mbuyisa speaks to Athandiwe Saba about advocating for the underrepresented, getting ‘old’ and transformation in the law fraternity

Update: Standard Bank rejects climate proposal

Climate considerations are pressing Standard Bank shareholders to push for the recusal of those with fossil fuel ties.

More top stories

Denel money woes clip air force’s wings

A senior officer says the shortage of spares and and ability to service aircraft and vehicles has a negative effect on the SANDF’s operational ability

State fails at-risk children as R55m orphanage stands empty

Boikagong Centre in Mahikeng has been closed for almost two years because it did not meet safety requirements. The discarded children say they want a safe place to learn, but instead endure rape and other violence

Wildlife farming vs Creecy’s panel

The departments of environment and agriculture legislation are at odds over modifying the genes of wild animals

Drugs and alcohol abuse rage in crime stats

Substance abuse has emerged as a reason for the spike in crimes during the first quarter of 2021.

press releases

Loading latest Press Releases…