Corporates beware: hackers are getting smarter, ransoms bigger

Hackers are becoming smarter and earning millions in ransom by directly targeting organisations, a new report on cyber security has found.

Traditionally, hackers have used "bots" in so-called "spray-and-prey" attacks to send out mass viruses through e-mail. This tactic only worked if people opened the link sent to them.

Now cyber criminals have stepped up their game, according to Sophos, a UK-based security company that released the annual Threat Report.

For example, a group of hackers dubbed SamSam earned R92m in ransom payments after they manually attacked users’ hard drives and demanded payment in exchange for the return of their information.

People commonly feared losing their banking details to hackers but there was actually much more at stake, said Noelle Cowling, of Stellenbosch University’s Security Institute for Governance and Leadership in Africa.

"When your data is sold on the dark web, it makes you susceptible to all kinds of crime," she said.

Hackers who targeted the vulnerabilities of IT infrastructure in organisations had access to all employees’ data, including bank accounts and personal information. This in turn allowed them to stalk individuals and family members.

SA has been the target of two of the top 10 recorded international security breaches.

More than 30-million ID numbers were stolen in a data hack in 2017. Almost a million individual records, including banking details, were hacked in a breach of the country’s online traffic fine payment system this year.

"The threat landscape is undoubtedly evolving; less-skilled cyber criminals are being forced out of business, the fittest among them step up their game to survive and we’ll eventually be left with fewer, but smarter and stronger, adversaries," said the chief technology officer of Sophos, Joe Levy.

As more people connect their devices, it is becoming easier for hackers to attack multiple devices at once. This can be especially problematic in office settings, where an entire network can be taken down in one fell swoop. 

The Threat Report says these attacks are getting smarter by using administration tools that are installed on Windows computers. Criminals can use them to create a "chain reaction" that is hard to stop and not spotted until it is too late.

"Once those domain admin credentials have been captured, the attacker waits for the opportune moment — late at night on the Friday of a holiday weekend, for example — to strike."

When an attack is detected, hackers who are live-managing an attack will often have the skills to avoid roadblocks in an internet battle with IT managers. Frequently the hackers will prevail.

The report says attacks can be so thorough that companies will opt to pay the R705,000 charged by groups like SamSam.

Payment in the form of Bitcoin is demanded through a "dark web" site where victims of the cyber attacks find themselves chatting with hackers directly.

It is expected that the success of the SamSam-style attacks will inspire an increase in such targeted attacks in 2019.

"SA needs a national cyber strategy," Cowling said. "Companies and the government have not upped their game to meet the threat."