- This topic is empty.
Viewing 1 post (of 1 total)
-
Posts
-
Cybercriminal activity targeting South Africa is expected to intensify in 2025, in line with global patterns. However, head of security research at Orange Cyberdefense, Charl van der Walt, believes incidents could worsen more quickly in South Africa.
This comes after several prominent South African companies and at least four state-owned entities suffered cyberattacks in 2024.
He explained that cybercrime comes from a systemic context of diverse political, economic, sociocultural, and technological factors.
“The trajectory of crime in the country will change only when these factors change,” Van der Walt said.
He said a brief assessment indicates South Africa’s technology is equivalent to that of other countries. However, it tends to lag behind on some metrics, such as universality, digital adoption, and security capabilities.
“Socioculturally and economically, things remain the same, or arguably evolve to increase crime. Politically, the situation is only getting more complex, both in Africa and in the ‘global north’,” Van der Walt stated.
“My read of the systemic context suggests that crime patterns will probably intensify in line with global patterns, or potentially get worse more quickly.”
He explained that, globally, the volume and intensity of cybercrime shows little sign of subsiding, adding that if anything, cybercrime merely shifts in response to geopolitical swings.
“In today’s climate, it’s very hard to predict if and how geopolitics shapes cybercrime in (South) Africa, but I can see very few scenarios in which the near future looks more secure to us,” Van der Walt said.
In 2024, no fewer than three government departments or related entities suffered cyberattacks.
The International Trade Administration Commission of South Africa (ITAC), which is part of the Department of Trade, Industry, and Competition, was the victim of a ransomware attack in January 2024.
The personal information of employees, service providers, importers, exporters, and “other stakeholders” was potentially stolen through the attack, and the perpetrator is still unknown.
The Government Pensions Administration Agency (GPAA), under the Government Employee Pension Fund, suffered a breach in February 2024, through which 68GB of data was stolen.
Hacking group LockBit claimed responsibility for the attack on the GPAA.
The Department of Health’s National Health Laboratory Service (NHLS) fell victim to a cyberattack in June 2024.
The perpetrators, BlackSuit, made away with 1.2TB of data, including client and patient information.
The attack also shut down the NHLS’s IT system, impacting emails, its website, and its lab test result retrieval and storage system.
Cyber extortion versus scams and fraud
Van der Walt said the two major classes of “cybercrime” are Cyber Extortion (CyX) and diverse forms of scams and fraud.
“Cyber Extortion is in its nature opportunistic, and only needs a victim that has exposed digital systems and is willing to pay the ransom. South Africa has both of those,” he stated.
He explained that only two factors mitigate the impact of CyX on South Africa. These are the size of the economy, which makes it a smaller target, and the protection we get from players like the US and China.
“Digital fraud and scams are more diverse, and tend to adapt to local contexts more,” said Van der Walt.
For example, South African organisations might expect to see more business email compromise scams as a result of lower digital literacy and weaker corporate finance governance protocols.
He added that Orange Cyberdefense expects to see more crime stemming from fraudulent SIM swaps and alternate payment systems, while crypto-related thefts and fraud are expected to be less frequent.
Van der Walt also highlighted other threat actors to consider, such as state and state-aligned hacktivists.
“State activities can be thought of broadly as espionage (which is common, continuous, and probably not really that ‘disruptive’) and ‘power projection’,” he said.
“State-aligned hacktivism is essentially a new form of state-aligned power projection, and so are mis- and disinformation, hack and leak campaigns, and targeted attacks on critical infrastructure.”
Van der Walt believes South Africa is very exposed to diverse forms of state-aligned power projection campaigns.
“To a degree, these are worrying because they have the potential to impact South Africa’s long-term financial and political prospects,” he said.
Viewing 1 post (of 1 total)
- You must be logged in to reply to this topic.