AppRiver, a leading provider of email and web security solutions, recently released its Global Security report detailing cyber-attacks seen in 2015. Here is a look into their report.
Last year saw a drastic increase in cybercrime, to twice the amount seen in 2014. AppRiver quarantined 944 million messages containing malware from January to November 2015, as well as 26 billion spam messages in the same period.
South Africans are not immune to cyber-attacks, and although the SA government has recognised these threats and implemented laws such as the Electronic Communication and Transfers (ECT) Act 25 of 2002, they do not have the resources to combat cybercrime.
Cyber-attacks came in many shapes and forms in 2015, from malicious macros to wire transfer fraud. Here is a breakdown of what we saw.
- Malicious Microsoft Macros
- JavaScript obfuscation
- Wire Transfer Fraud
- Point of Sale Malware
Macros are scripts built into Microsoft Office applications that are not malicious in themselves but can be leveraged by hackers to gain access to your data. The hacker sends a macro-enabled document to a victim via email; the victim is then prompted to open the document and enable macros, which turns a Word document, for example, into a malicious payload.
Malware has been around for many years now, but until recently it was relatively easy to combat. The latest forms of malware obtain access to user data and encrypt it so that even once the malware has been eliminated the user's data remains inaccessible. This allows the hacker to demand a ransom for access to the data. What we have seen recently is high-profile individuals and businesses being targeted by ransomware: hackers demand a ransom and, if the demands are not met, threaten to release sensitive information to the public. Ransomware attacks have affected a number of South African companies and have become so prevalent that South African TV show Carte Blanche recently ran a story on ransomware and what to do if you are targeted by it.
In the latter part of 2015 high numbers of attacks were carried out using JavaScript obfuscation. Hackers use JavaScript as a way into the victim's system while avoiding detection by the user's AV. Luckily, most AV solutions have been adapted to detect these threats.
In this case hackers will generally target high-level individuals by sending fraudulent emails that appear to come from business partners and require money to be transferred for a business interaction. Hackers are able to do this by sending emails that display the address of the company while the reply-to address is an external address. Victims believe the emails to be legitimate and complete the transactions, and the businesses involved lose large sums of money to these fraudulent transfers. In January 2016 a South African couple was scammed out of R250 000 when hackers accessed a property conveyancer's email address. The hackers requested payment of the deposit for the home the couple was trying to buy; only weeks later did anyone realise the money had been paid into the wrong account.
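The mismatch between the displayed company address and an external reply-to address is something a mail filter can check for. The following is an added example, not taken from AppRiver's report or the original article; the function name reply_to_mismatch and the sample messages and domains are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses


def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower().rstrip(".") if "@" in addr else ""


def _same_org(a, b):
    """Treat equal domains and parent/subdomain pairs as one organisation."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def reply_to_mismatch(raw_message):
    """Return the Reply-To addresses whose domain differs from the From domain.

    An empty list means there is no Reply-To header, or every Reply-To
    address belongs to the same domain as the From address.
    """
    msg = message_from_string(raw_message)
    from_domains = {_domain(a) for _, a in getaddresses(msg.get_all("From", []))}
    from_domains.discard("")
    flagged = []
    for _, addr in getaddresses(msg.get_all("Reply-To", [])):
        dom = _domain(addr)
        if dom and not any(_same_org(dom, f) for f in from_domains):
            flagged.append(addr)
    return flagged


# Constructed sample messages (not real mail); all domains are placeholders.
SPOOFED = (
    "From: Accounts <accounts@partner.example>\n"
    "Reply-To: accounts.partner@freemail.example\n"
    "Subject: Payment request\n\nSee details below.\n"
)
LEGIT = (
    "From: Accounts <accounts@partner.example>\n"
    "Reply-To: billing@mail.partner.example\n"
    "Subject: Invoice\n\nSee attached.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, reply_to_mismatch(raw))
```

This check only covers the mismatched reply-to case. It does not help when the sender's real mailbox has been accessed, as in the conveyancer incident above.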
Hackers continue to use malware that targets Point of Sale systems to access individuals' credit card information. Point of Sale systems store the customer's credit card information for the retailer's reference, and hackers use malware to intercept this information. Banks and retailers have now moved away from the traditional swipe credit card and implemented chip and PIN cards in an attempt to reduce the risk of breached information; however, there is still the threat of hackers gaining access to retailers' internal systems. In late 2015 Hyatt Hotels announced that they had found malware on their payment processing systems at many of the hotel's global locations. One of the hotels affected was the Hyatt Regency in Johannesburg. Any clients who made payments at the hotel's restaurant, spa, golf shop and front desk may have been at risk.