South Africans have a lot to contend with this week, especially with the COVID-19 pandemic prompting a national lockdown as of midnight on Thursday (27th March). It means most people in the country will be indoors and working remotely, and unsurprisingly cybercriminals are looking to take advantage of that.

So much so that Kaspersky has seen a massive spike in network attacks recently. More specifically between 15th and 21st March, which is when president Cyril Ramaphosa declared COVID-19 a national disaster.

“The peak coincides with a time in South Africa when remote working increased in response to national emergency containment measures in an effort to flatten the curve of spread of the Coronavirus (COVID-19) in the country,” Kaspersky noted.

The cybersecurity firm tells us that the average number of local network attacks rose from between 20 000 and 30 000, to over 310 000 in only a matter of days.

“The region is seeing an increase in attempts to break into the organisations systems to establish control over them, sabotage their work, or access sensitive information. Remote working provides cybercriminals a prime opportunity to target devices, especially those that don’t necessarily have adequate IT security measures in place,” adds Maher Yamout, senior security researcher at Kaspersky.

“Such a spike recorded, although temporary, leads us to believe that cybercriminals have keenly been focused on the region given the current circumstances – have been on the lookout for vulnerable devices to exploit – and likely due to the rapid increase in remote working protocols that have been initiated during this timeframe, especially since the growth in attacks continued until the weekend,” he continues.

Looking at the nature of the attacks, the firm says the methods employed were varied, but brute forcing of passwords accounted for a third of them. Kaspersky says this technique is very common and often works well with weak or repetitively used passwords or poorly configured systems.

“In reviewing this spike, it certainly reinforces the need to institute critical security measures for remote working strategies, to ensure effective protection. However, with the spike dropping again, such advice is likely being onboarded and taken seriously, which is great to see, and we hope continues,” Tamout concludes.

With South Africans expected to be working remotely for the next month at least, Kaspersky has offered up the following tips to remain secure:

  • Make use of a VPN to connect securely to the corporate network.
  • Use multi-factor authentication wherever possible.
  • Ensure all corporate devices – including smartphones, notebooks and tablets are protected with adequate security software.
  • Segregate your personal devices/life from corporate computers.
  • Ensure the latest available updates are installed regularly.
  • Only use corporate-approved teleconferencing software.
  • Practice basic cybersecurity rules:
    • Do not click on emails from strangers or unknown sources,
    • Do not open attachments received from unknown senders,
    • Make use of strong passwords only,
    • Do not share passwords,
    • Don’t connect to unprotected or public WiFi.
[Image – Photo by Markus Spiske on Unsplash]