Cyber criminals are getting more sophisticated - CNBC Africa

Cyber criminals are getting more sophisticated

Southern Africa

by Tendai Dube 0

The security report has highlighted the need for organisations to invest in technology against cybercriminals. Photo: Wikipedia

With the evolution of technology, Africa has become a more interactive continent and with this increased connectivity and decreasing data costs, is a rise in the prevalence of cybercrimes as well as the sophistication in which they operate.

Compared to global levels, Africa is probably one of the least affected continents but the more we evolve the more susceptible we become to cybercrimes and according to Greg Griessel, Consulting Systems Engineer Security Solutions at Cisco South Africa, they have noticed an increase in demand for security based products, especially in the last two or three years.

“It’s always been there, I think people are just becoming more aware of this, the threats that we see worldwide are the threats that we see relevant right through Africa and South Africa, with the prevalence of cheaper internet connection coming up and the more bandwidth that we have, the more relevant it becomes,” Griessel said.

The cybercriminals find ways to lure people into clicking onto harmful links explains Griessel, which can then use known vulnerabilities within software to exploit the systems people are connected to.

Cybercriminals are intelligent and ever-changing, according to Griessel hackers used to be motivated by attention and fame or hactivism but more so it has become about money or sensitive information.

"Number one is money, so people are trying to get funds out of us; the second thing would be perhaps industrial type espionage for the people who are trying to get information,” he said.

Being informed and educated is the best way to avoid this kind of attack by avoiding links that do not apply to you or look suspicious. Cybercriminals are targeted in their approach now, use personal information to deceive people into thinking it must be relevant to them.

“If someone sends you a link, don’t just go and click on it because it looks interesting, ask yourself three or four times why am I clicking on this, is this relevant to me, is this information that I really want to go and get and it’s not something about the latest trend,” said Griessel.

Cisco Midyear Security Report revealed that cybercriminals have started using classic literature and incorporating text from the likes of Jane Austen’s novel Sense and Sensibility into web landing pages carrying their tools for access -  security solutions like antiviruses are less likely to detect that.

Methods - Cisco

"Basically what they are doing when systems scan through information to see if it's malicious or not, they actually try and fool you into looking at the data that is coming in and they see that is a novel or perhaps a passage out of a book and it thinks it's legitimate.”

You can’t simply use just one detection method to deter the criminals because that would be relying on systems that just simply look at known or unknown strings or sentences or words while missing other things says Griessel, saying we need multiple stages of detection to minimise the chances.

“They are even more flexible because they can just pivot and move around and use whatever they want to try and catch out these technologies, so it becomes kind of a cat-and-mouse game that we have to play the whole time.”

Unfortunately dealing with cyber security is predominantly retrospective, you have to wait for it to happen so that you can analyse it and be able to detect it and block it.

"We always refer to something called mean time to detection and that is around when a threat occurs, how long will it take us to detect that and then have the ability to update the systems globally to catch those threats?”

Griessel says the industry average time-to-detection is about 200 days after it has gotten into an organisation and sometimes the organisation doesn’t even know that they have been attacked. Cisco is focused on bringing down that time-to-detection.

Malware Vectors

"There is no silver bullet - you are going to be compromised at some point in time, how you understand what is actually being compromised in your network and how you then clean up and control that with a minimal amount of loss."

Besides the remote way that cybercriminals attack people, there are no real repercussions for their acts. Government has no mandatory disclosure laws in place for companies to report when they have been attacked.

"At the moment there is no compliance around companies to report data loss, to report cybercrime activity, at the moment if you have had some data loss occur, people probably don’t want to admit it, number one because they are dealing with sensitive information, the other one is that they might not even know that it has occurred."

Making it compulsory for people and organisations to report the crimes would make it easier to quantify how much is actually lost to this crime as well as increase the size of the database of attack kits to decrease the chances for future cyberattacks.

"We’ve seen the top three industries being electronics, industrials and professional services that have been targeted - hackers don’t respect boundaries, don’t respect industry - any place where they could potentially get information  is where they are going to be approaching," said Griessel.

This concern for information has resulted in an increased demand in the cyber security business says Griessel, "I don’t think there is any meeting that we have that doesn’t have a key bullet point around security”.

The real problem is that companies are not updating their security, Griessel explains that just like how a car needs to be serviced constantly, is how organisations need to treat their security.

"We see it in many organisations where they will use compliance as a tick box,” he said

Doing it because they might have to but not updating their systems because it is at an added cost and might not understand that the system needs to be updated according to newly analysed attacks.