By Alain Tshal
In 2020, the world changed overnight in response to the COVID-19 pandemic. As more organisations adopted and accelerated digital strategies – and with most of us relying on the internet to go about our everyday life – cybercriminals were presented with a huge range of new opportunities to exploit. This year will be no different. Here are some important cybersecurity trends for South African organisations to look out for in 2021.
Phishing and fraud to the fore
According to a recent TransUnion survey, 42% of South African households have been targeted by COVID-19-related scams, an increase of 14% since the lockdown started in April last year.
As the F5 Labs 2020 Phishing and Fraud Report showed, attackers are more brazenly opportunistic than ever. During the height of the first waves of the pandemic, phishing incidents were up by a massive 220% compared with the yearly average. Everywhere you looked, fraudsters were latching onto themes accentuated by the pandemic, including sending fraudulent emails or SMS messages related to emotive issues like health measures, contact tracing, homeworking protocols and charitable donations.
Fraudsters are getting trickier too. Most phishing sites now leverage encryption, with a full 72% using valid HTTPS certificates to trick victims. What’s more, 100% of drop zones – the destinations of stolen data sent by malware – used TLS encryption (up from 89% in 2019).
If we look ahead, there are two major phishing trends on the horizon.
As a result of improved bot traffic (botnet) security controls and solutions, attackers are starting to embrace click farms. This entails dozens of remote “workers” systematically attempting to log onto a target website using recently harvested credentials. The connection comes from a human using a standard web browser, which makes fraudulent activity harder to detect. Even a relatively low volume of attacks has an impact. As an example, Shape Security analysed 14 million monthly logins at a financial services organisation and recorded a manual a fraud rate of 0,4%. That is the equivalent of 56,000 fraudulent logon attempts, and the numbers associated with this type of activity are only set to rise.
Shape Security researchers also recorded an increase in the volume of real-time phishing proxies (RTPP) that can capture and use multi-factor authentication (MFA) codes. The RTPP acts as a person-in-the-middle and intercepts a victim’s transactions with a real website. Since the attack occurs in real-time, the malicious website can automate the process of capturing and replaying time-based authentication such as MFA codes. It can even steal and reuse session cookies.
3D printers versus biometric security
3D printers are more widespread in South Africa since the pandemic started and have been used for everything from aeroplane parts to life-saving masks. Cybercriminals have also taken note. Think that bogus 3D-printed fingerprints and faces that can pass biometric authenticators represent a distant, sci-fi future? Think again! These types of scams are right around the corner. It won’t require a high-quality scan of a victim, either. Biometric authentication boils down to probability scoring, and a printable ‘master key’ may look more like a keychain of composable parts than a replica of a person’s face or fingerprint.
Bolt-on security will move to the edge
Routing a packet all the way through the internet just to say, “no, this one’s rotten, reject it.” is a waste of resources. Moving products like bot protection and data validation to the edge is the obvious solution and will save both processing time and bandwidth costs. This has become more of an impetus for organisations seeking long-term, cost-effective digital resilience by adopting multi-cloud infrastructure, applications, and data resources to accommodate business scaling, continuity, and flexible operations of a remote or hybrid workforce.
A new wave of data breach announcements
The office landscape changed radically in 2020. Millions of employees switched to remote work in a matter of days and systems scaled quickly. Unsurprisingly, this introduced a host of new risks.
The problem isn’t remote working itself, it’s more that the traffic and activity data started looking different all at once. Just like when somebody disrupts your vision with a torchlight, it takes time to readjust. Once companies recognise what new breaches look like, we’ll see a flurry of breach announcements within a short time frame. South Africa’s Protection of Personal Information Act (POPI), which comes into force in July this year, will also likely yield prompt more reports of data breaches, as organisations implement systems to ensure compliance.
The 5G challenge
The roll-out of 5G across South Africa promises to provide greater access to connectivity and enable new levels of technological innovation. It is worth noting that the deployment of 5G infrastructures represents one of the most challenging next-gen network rollouts ever in terms of scale and scope. Service providers will need to meet extreme end-to-end bandwidth requirements, as well as deliver highly responsive and low latency connections to a multitude of devices and device types. On top of that, they must protect against new threats and vulnerabilities – all while consumers expect stellar performance, the latest features, and complete security.
Remember, millions of connected devices mean millions of potential back doors for hackers. More than ever, security solutions will have to account for complex attack vectors at massive scale, at every layer, and for multiple threats.
- Alain Tshal, District Manager at F5, Sub-Saharan Africa