Government main target of cyberattacks in South Africa

The public sector is the primary target of cyberattacks in South Africa, according to a new security report.

US-headquartered Trellix said on Tuesday that its research has found that 26% of the threats it detected in the second quarter of this year were aimed at government systems.

“Despite not experiencing a significant surge in detections since the first quarter, we have noticed a worrisome trend of specialised, well-equipped and highly skilled threat actors,” said Carlo Bolzonello, country head at Trellix South Africa.

“What’s more alarming is their interconnection with extensive networks and potential state support, indicating a coordinated and sophisticated approach to their malicious activities.”

The most notable aggressors, Trellix said, were the Lazarus Group – part of an advanced persistent threats syndicate historically linked to North Korean government by the US – and Daggerfly, which is suspected to have links with China.

These groups use various attacks, including distributed denial-of-service botnets, keyloggers and “living-off-the-land tooling” – a special kind of attack that can go undetected for extended periods.

Read: SA must protect critical infrastructure from cyberattack

“What is even more concerning is that these adversaries are highly proficient in evasion tactics, leaving organisations believing they have eliminated the threats, when in reality, they may still lie concealed,” said Bolzonello.

Other targeted groups include business service providers (16%), wholesaler networks (14%) and utilities (12%).  – © 2023 NewsCentral Media

Get TechCentral’s daily newsletter