Global cybercriminals eye SA crypto investors

Cybersecurity company Trellix said the volume of malicious threat campaigns saw a spike, from just more than 5 000 files to over 20 000 in September and back down to more than 10 000 in October. REUTERS/Dado Ruvic


Published Nov 30, 2022


With South African investors entering the cryptocurrency market at a faster pace than ever, the country was becoming a more attractive target for global cybercriminals.

This was according to Carlo Bolzonello, country manager at Trellix South Africa, speaking on the release of the Trellix Cyber Threat Intelligence Briefing for South Africa, November Edition, which covers the period from August to October.

Public utilities, education institutions and financial services organisations recorded the highest number of incidents involving malicious and innocuous files, the report found.

It found a dip from around 2.6 million malicious and innocuous files detected in August to 2.4 million in September, before the number shot back up, past the 2.7 million mark, in October.

Cybersecurity company Trellix said the volume of malicious threat campaigns saw a spike, from just more than 5 000 files to over 20 000 in September and back down to more than 10 000 in October.

By far the most frequently detected threat was the MyKings botnet clipboard stealer.

“Alarmingly, the MyKings malware is aggressively used to install itself on machines to download crypto wallets and addresses, allowing hacking groups to clear out users’ crypto wallets,” Bolzonello said.

Other common threats over the period included the Zeppelin (Buran) ransomware group, an offspring of the Vega Stealer, which originated in the US and has proliferated globally, predominantly targeting the financial services and communications sectors.

Another was the Vice Society ransomware group, which was predominantly known for exploiting system vulnerabilities, especially where organisations were slow to apply patches for previously disclosed threats.

Bolzonello said South Africa had seen a growing emergence of threats using tools such as CrackMapExec and BadPotato, which were openly available and were used to conduct surreptitious vulnerability assessments of systems in order to gain access privileges.

“Staying abreast of some of these evolving threats will require a comprehensive strategy for cloud-hosted and on-premise threat detection using live data from security operations centres,” he added.

According to SA’s Internet Service Providers’ Association (Ispa), the approach of the new year was the ideal time to start investigating Multifactor Authentication (MFA), a layered approach to electronic security that requires two or more credentials to verify identity.

It said the one-time password (OTP) that underpinned many MFA systems provided an extra security layer that prevented unauthorised logins.

However, most modern phones and laptops now had built-in security keys and used biometrics to implement MFA.

BUSINESS REPORT