Cybersecurity company Trellix says the cybercrime trends observed in South Africa are “pretty much” in line with what is happening on the global stage.

“In the last 12 months, we have seen an uptick in activity from cybercrime actors targeting South Africans, and while the actors may be different, the attacks are the same in terms of global presence,” says Trellix South Africa country lead Carlo Bolzonello.

“South African companies are taking the necessary steps to protect against cyberthreats, but the financial investment this requires is substantial. 

“This is especially challenging considering the exchange rate with the dollar, which has an impact on the ability of some organisations to fully stay abreast of the most relevant technologies from overseas vendors.

“Also, human capacity in cybersecurity resources is still a major problem, as there is a huge dearth of knowledge in South Africa,” notes Bolzonello.

“This doesn’t even account for the steady exodus of these already rare skills from the country, with people being driven by better salaries and work-from-home offerings from international companies, who are more progressive when it comes to remote working.”

Bolzonello says that in order to adequately protect themselves and their customers’ information, South African companies need to make aggressive investments to acquire the best-of-breed technologies and to continuously equip people (both users and security personnel) with globally relevant capabilities.

Transport Sector Targeted
Trellix’s newest Threat Report includes evidence of malicious activity linked to ransomware and nation-state backed advanced persistent threat (APT) actors. 

The report examines malicious cyberactivity, including threats to email, the malicious use of legitimate third-party security tools, and more. 

The key findings include the fact that US ransomware activity leads the pack.

In the US alone, ransomware activity increased 100% quarter-over-quarter in the transport and shipping sectors. 

Globally, transport was the second most active sector, following telecommunications. 

APTs were also detected in transportation more than in any other sector. 

A second finding was that Germany saw the highest detections.

Not only did Germany generate the most threat detections related to APT actors in the third quarter of the year (29% of observed activity), but it also had the most ransomware detections. 

Ransomware detections rose 32% in Germany in the third quarter and generated 27% of global activity. 

The China-linked threat actor, Mustang Panda, had the most detected threat indicators in the third quarter, followed by Russia-linked APT29 and Pakistan-linked APT36.

The report also notes that ransomware has evolved.

Phobos, a ransomware sold as a complete kit in the cybercriminal underground, has avoided public reports until now. However, it accounted for 10% of global detected activity and was the second most used ransomware detected in the US. 

LockBit continued to be the most detected ransomware globally, generating 22% of detections.

“So far in 2022, we have seen unremitting activity out of Russia and other State-sponsored groups,” says Trellix threat intelligence head John Fokker.

“This activity is compounded by a rise in politically motivated hacktivism and sustained ransomware attacks on healthcare and education. 

“The need for increased inspection of cyberthreat actors and their methods has never been greater.”