According to researchers at IBM X-Force, Sphinx, a modular malware based on leaked source code of the infamous Zeus banking trojan began resurfacing in December 2019. However, a substantial increase in volume was reported in March 2020.
This was due to Sphinx’s operators taking advantage of the interest and news around government relief payments in the U.S, Canada and Australia. Across the globe fraud and cyber-attacks have soared. This is of particular concern for South Africa as funds are collected to uphold the economy during lockdown and new grants are implemented to ensure the wellbeing of citizens.
The local situation
South African president Cyril Ramaphosa recently announced a significant package of social and economic relief to address the fallout from the country’s COVID-19 lockdown. It includes a R50 billion increase to the value of existing social grants, a new grant and delivery of food parcels to poor households. However, security concerns do not lie within existing social grants but rather with regards to the special COVID-19 Social Relief of Distress grant.
Over the past few weeks, a number of threats have been identified in the banking industry – namely, social engineering, third-party data breaches and ransomware. All of which could be used to infiltrate, and steal government funds meant for the vulnerable. Therefore, the government, financial institutions, organisations assisting to disseminate these funds and the public recipients need to be more aware of looming threats.
What do I look out for?
The first threat South Africans need to be cognisant of is social engineering, the psychological manipulation of people into performing actions or divulging confidential information. Here, tactics can vary. However, when individuals are targeted the criminals are usually trying to trick them into giving their passwords or bank information, or access to computers in order to secretly install malicious software. This software provides hackers with access to everything they need including passwords and bank information as well as giving them control over the computer.
Criminals use social engineering tactics because it is usually easier to exploit a person’s natural inclination to trust. Hackers are starting to target mobile phones using malware to infect, obtain contacts and even transfer money.
Moreover, people also need to be aware of third-party breaches and ransomware. These two threats are different in that ransomware systems can be breached through an authorised third party. For example, if an insurer shares information with a financial advisor, and the advisor resorted to sharing this information to a third party – it can be a risk. It is not the typical ‘encrypt your data’ scheme like ransomware.
The current pandemic and subsequent lockdown have added a lot of strain to the country. As the government tries to stabilise the economy it also needs to ensure that threats are taken care of and that citizens money is protected.
In particular, the government and financial institutions need to focus on the new COVID grant as the grant is going to be provided to members who may not have received grants before. In addition, new systems will be used that have not been tried and tested, and the people who are in desperate need of these funds won’t necessarily have the capacity or resources to inform the right people of a scam if it occurs.
The extra funds provided during the pandemic has opened the country up to threats and abusers of the system. The government not only needs to make sure they are disseminating the funds but also ensure that the right people are receiving it.
By Simeon Tassev, Managing Director and Qualified Security Assessor at Galix