Two apparently separate groups of hackers are threatening to close down the finance sector and local government at a time when South Africans would be paying municipal bills and gaining access to their bank accounts.
On Wednesday, one group sent a ransom note to a number of banks, claiming if it was not paid two Bitcoins (R219000) it would launch a distributed denial of service (DDOS) attack.
Meanwhile, another group of hackers is threatening to release City of Joburg customer information if it is not paid four Bitcoins by Monday.
A successful DDOS attack would prevent the banks from operating, slowing down their systems as their servers became overwhelmed by a flood of requests.
The banking industry was hit on Wednesday by a wave of DDOS attacks and this, the attackers claimed in their ransom notes, was a small sample of what was to come.
“This small attack was big and guys are busy installing systems to mitigate the coming attack,” said cybersecurity expert Jacques van Heerden, who has knowledge of the cyberattack.
Attempts were made to track down the hackers through details they gave on how to pay the bitcoins.
“These attacks started with a ransom note which was delivered via email to both unattended as well as staff email addresses, all of which were publicly available,” said the SA Banking Risk Information Centre’s (Sabric) acting chief executive, Susan Potgieter.
South Africa has not been the only target of this criminal group. Over the past two weeks, the same group apparently launched DDOS attacks on other financial institutions, claiming to be the infamous hacking group Fancy Bear, which is associated with the Russian government, and was famous for hacking the White House in 2014.
However, it is believed the group is not Fancy Bear. “People do find it strange that they are asking for such a small amount,” said Van Heerden.
But Sabric is confident “Fancy Bear” hackers will not disrupt any banks if they continue with their DDOS attacks.
“These kinds of attacks happen all the time,” said Potgieter.
“Robust defensive strategies have been invoked across the industry and we are confident customer impact will be kept to a minimum.”
Sabric emphasised that DDOS attacks did not involve data breaches.
A data breach, however, is the concern after a cyberattack on the City of Joburg (CoJ) website. The information released could include identification numbers, street addresses, cellphone numbers as well as banking details and credit card numbers.
A group calling themselves the Shadow Kill Hackers left a message that appeared on a number of City of Joburg employees’ PCs that said: “All of your servers and data have been hacked. We have dozens of back doors inside your city.”
Online services and call centres were affected and the website was down yesterday.
City spokesperson Nthatisi Modingoane said a team was working around the clock to sort out the problem.
The Hawks were involved and were attempting to identify the perpetrators.
Modingoane said they were in the process of slowly bringing services back online and were expecting everything to be up and running by the end of the weekend.
Cybersecurity expert Charl Ueckermann warned that IT experts had to be careful to remove all code left in the system by hackers, a technique called formjacking.
“Cybercriminals will leave a bit of JavaScript on the payment gateway of, let’s say, the City of Joburg website.
“They can then harvest credit card and banking details,” Ueckermann said. This latest attack, the experts believe, is a further indication that government institutions are not doing enough to protect against increasingly sophisticated cyberattacks.
Some large municipalities, according to Van Heerden, are still using “legacy” software, which doesn’t receive security updates anymore.
In July, City Power came under a ransomware attack that prevented thousands of prepaid customers from buying electricity.
Also this year, Eskom had two security breaches, which resulted in customer information being leaked online.
IT security company Check Point found that cybercriminals from around the globe see South Africa as an easy mark.
“The problem that you have, especially if you pay the ransom, they will keep coming back,” said Van Heerden.