malware
Watch out for this credential-stealing Microsoft Exchange add-on
Image sourced from Discover Germany Kaspersky has uncovered a previously unknown IIS module (a piece of software aimed at providing additional features to Microsoft web servers) they have since dubbed Owowa that steals credentials entered by a user when logging into Outlook Web Access (OWA); it also allows the attackers to gain remote control access to the underlying server. Compiled sometime between late 2020 and April 2021, this module is a stealthy theft method that is difficult to detect with network monitoring. It’s also resistant to software updates from Exchange, meaning it can stay hidden on a device for a long time. In 2021, advanced threat actors were increasingly exploiting vulnerabilities of Microsoft Exchange Server. In March, four critical vulnerabilities in the servers allow...
ITC Secure and Cassava Technologies Announce Security Partnership
Image by Darwin Laganzon, Pixabay. ITC Secure (ITC), a leading advisory-led cyber security services company and a Microsoft Gold cyber security partner, and Cassava Technologies (CassavaTechnologies.com), the pan-African technology leader, announced today that they have entered into a Joint Venture (JV) to build and launch an extensive portfolio of cyber security services, powered by Microsoft Azure cloud technologies in Africa. Hardy Pemhiwa, the CEO of Cassava Technologies said: “Digital transformation in Africa is accelerating the adoption of cloud services which is creating an urgent need to better protect users and business-critical data. Cassava Technologies footprint covering more than 15 countries in Africa, we are well-positioned to meet the growing needs of businesses and individ...
Ransomware – Hindsight is 20/20
Sourced from Kaspersky Three things many companies wished they had actioned before a ransomware attack. There are few things worse than discovering that your business has been compromised. Be it a phish, ransomware, hack or malicious attack, it’s going to leave a long legacy of damage and complexity behind it. According to Martin Potgieter, Co-Founder and Technical Director at Nclose, “There are three things that most breach victims wished they had checked, or done differently, after they’ve been hit with a ransomware attack.” “The first is to ensure that the company firewall is filtering outbound traffic as aggressively as it is filtering inbound traffic. Once an attacker gets a foothold within a network if there is unrestricted outbound access, they have the freedom they need to do...
How a Small Email Phish Can Become a Million Rand Ransom
Image sourced from Kaspersky. Cybercrime is smart, innovative, and agile. Cybercriminals are well-rewarded for their innovative attack vectors and have no incentive to stop finding inventive ways of penetrating systems and moving past the most vulnerable defences. According to Paul Grapendaal, Head of Managed Security Services at Nclose, there’s no standard playbook when it comes to penetrating a system successfully, but there are solid security steps that can mitigate risk and help the business manage the fallout. Steps that will help bolster your defences and ensure that one phish won’t cost your business millions. Paul Grapendaal, Head of Managed Security Services at Nclose. “There are obvious routes of attack, such as spear phishing, that are designed to focus on a target with the sole...
Targeted Malware is Raging Across South Africa, Kenya & Nigeria
According to the latest research of internet security firm Kaspersky on threat landscape trends, South Africa, Kenya and Nigeria are facing dramatic changes in the landscape. While regular, self-propagating malware is decreasing dramatically, as it is no longer effective and cannot fly under security radars, the region will see the growth of new cybercrime models in the upcoming year. While comparing the overall number of mass cyberattacks in 2021, security researchers at Kaspersky noticed a 7,5% decrease in Nigeria, a 12% decrease in South Africa and an unprecedented 28,6% decrease in Kenya. The reason for such a change was the introduction and popularisation of new cybercrime models in the region, with cybercrime tools becoming more targeted along with a long-running trend where malware ...
When It Comes to Cybercrime Beware of Social Engineers
You would be forgiven for thinking that terms like phishing, vishing, whaling, and pharming all had something to do with either a water sport or a pharmaceutical company, but every one of these is a cybercrime attack. These attacks leverage social engineering techniques to hack personal accounts, infect devices with ransomware, gain access to organisations or steal information to be sold on to the highest underground bidders. As Anna Collard, SVP of content and evangelist at KnowBe4 Africa points out, it has become absolutely essential for people to be mindful of what they post on social media. Anna Collard, SVP of content and evangelist at KnowBe4 Africa. “The risk of identity theft has never been greater and according to a report by SAFPS, has increased by 337% in 2020,” she says. “When ...
The Mobile Malware Scourge Hits SA, Kenya & Nigeria
Internet security provider Kaspersky has blocked more than 206,000 mobile malware attacks across the Middle East, Turkey, and Africa (META) region in just 6-months measured, between January to June 2021. Out of these attacks, a combined 30,000 originated from Nigeria (14,071), Kenya (10,697), and South Africa (5,499), respectively. Significantly, for the African countries monitored, Nigeria only trails Egypt (19,466) by the number of attacks blocked, pointing to how prevalent mobile threats have become in this highly connected country. In fact, Kaspersky’s latest research shows that when looking at the top ten countries by share of users attacked by mobile malware Nigeria places eighth (at 11.76%). Even though Kenya and South Africa might not feature as prominently, the mobile malware thre...
1 in 4 People Use Fitness Devices – Is Your Tracking Data Secure from Hackers?
Image sourced from Reuters. A recent study by the virtual private network provider NordVPN revealed that 1 in 4 (24.6%) people use some kind of fitness or well-being device, such as a smartwatch, fitness tracker, etc. However, these devices may be tracking a lot more than your fitness activities, and 25% do nothing to protect them, which may pose a serious risk to people’s privacy. Among the data collected by fitness wearables and the mobile apps connected to them, there are basic activities such as steps, heart rate, the time you go to sleep or wake up, as well as your consumed calories, weight, or even running routes, which are all of great interest to stalkers or attackers. For example, Clario research has revealed that Strava collects 41.18% of users’ personal data, and MyFitnessPal — ...
Malware Attacks in Africa Reach 85-Million in 6 Months – Kaspersky
Image sourced from Sectigo. According to research performed by cybersecurity firm Kaspersky, malware is rife across Africa with various countries exhibiting strong growth in all malware types in the first half of 2021 when compared to the same period last year. This is a 5% increase in the region, as cybercriminals and hackers continue to focus on African countries considering digital transformation advancements and the increase in remote working resulting from the COVID-19 pandemic. Overall, 4 countries account for 85 million attacks, with South Africa being the most targeted (32-million attacks), followed by Kenya (28.3-million), Nigeria (16.7-million) and Ethiopia (8-million). All countries but Kenya saw the relative growth of all malware attacks. Ethiopia and Nigeria have seen an incre...
35% of SAns Have Never Used Dating Apps Because They Fear Scammers
Sourced from TechSpot and PC World. According to the findings of a study by cybersecurity firm Kaspersky, dating app scammers pose a serious barrier to people wanting to use such services. In particular, 35% of respondents in South Africa are afraid to use them, as they fear being deceived by fraudsters, and 35% generally do not trust people in dating apps. However, only 17% of respondents were targeted by cybercriminals, and 34% who contacted fraudsters managed to avoid an attack. Millions of individuals use online dating applications or social networking sites in order to find a partner. But instead of finding love, many people encounter a con artist attempting to dupe them into giving money. Scammers are drawn to dating services because they know that people on these platforms are looki...
Recent Increases in Cyberattacks Could Be Due to Leaked Cyber “Superweapons”
Sourced from Forbes Check Point Research (CPR), the Threat Intelligence arm of Check Point Software Technologies Ltd., a leading provider of cybersecurity solutions globally, warns of a further increase in cyberattacks and thinks it could be partly down to major powers leaking, what they refer to as, ‘cyber superweapons’. “We have long warned that organisations of all sizes are being bombarded by a global fifth generation of cyber threats (Gen V). These are multi-vector cyber threats that can cause fatal damage and irreparable harm to the reputation of the compromised company,” said Pankaj Bhula, Regional Spokesperson at Check Point Software. “However, most companies are only secured against what we call third-generation threats (Gen III), which are threats that we’ve known about since the...
