Check Point has revealed that South Africa was among the countries impacted by a 10% increase in ransomware attacks last November, using Locky and Cryptowall. As a result, South Africa moved up the list of 117 most attacked countries.
In its monthly Global Threat Index, a ranking of the most prevalent malware families attacking organisations’ networks, Check Point found both the number of active malware families and number of attacks remained close to an all-time high as the number of attacks on business networks continued to be relentless.
Continuing a trend first detected in October, Locky ransomware continued to increase in prevalence, with a further 10% increase in the number of attacks using this family – a pattern that was mirrored by the fifth most common malware, Cryptowall.
Locky, which started its distribution in February 2016, spreads mainly via spam emails containing a downloader disguised as a Word or Zip file attachment, which then downloads and installs the malware that encrypts the user files. Locky was the no.1 malware family in the largest amount of countries (34 countries compared to Conficker, which was the top malware in 28 countries).
The pattern highlights the growing threat posed to corporate networks by ransomware and suggests that many organisations are simply paying ransoms to secure the return of their files, making it an attractive – and lucrative – attack vector for cyber-criminals.
Once again Conficker retained its position as the world’s most prevalent malware, responsible for 15% of recognised attacks. Second-placed Locky, which only started its distribution in February of this year, was responsible for 6% of all attacks, and third-placed Sality was responsible for 5% of known attacks. Overall the top ten malware families were responsible for 45% of all known attacks.
The three most common malware distributed in South Africa in November were:
1. ↔ Virut – Botnet used in DDoS attacks, spam distribution, data theft and fraud. The malware is spread through infected devices such as USB sticks as well as compromised websites and files.
2. ↑ Sality – Virus that allows remote operations and downloads of additional malware to infected systems by its operator. Its main goal is to persist in a system and provide means for remote control and installing further malware.
3. ↔ Conficker – Worm that allows remote operations and malware to be download. Infected machines are controlled by a botnet, which contacts its Command & Control server to receive instructions.
The Ramnit banking Trojan saw the largest increase in attacks globally in November, entering Check Point’s top 10 ranking for the first time as the 6th most common malware. It more than doubled its amount of infections since last October, and was mainly seen in Turkey, Brazil, India, Indonesia and the U.S. Ramnit is used to steal banking credentials, FTP passwords, session cookies and personal data.
For the eighth consecutive month, HummingBad remains the most common malware used to attack mobile devices globally.
Mobile malware families continued to pose a significant threat to businesses. The three most common mobile families were:
1. ↔ HummingBad – Android malware that establishes a persistent rootkit on the device, installs fraudulent applications and enables additional malicious activity such as installing a key-logger, stealing credentials and bypassing encrypted email containers used by enterprises.
2. ↔ Triada – Modular Backdoor for Android which grants super-user privileges to downloaded malware, as helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
3. ↑ Ztorg – Trojan that uses root privileges to download and install applications on the mobile phone without the user’s knowledge.
Doros Hadjizenonos, Country Manager of Check Point South Africa, explained, “Ransomware attacks are still growing in volume for a simple reason – they work and generate significant revenues for the attackers. Organisations are struggling to effectively counteract the threat posed by this insidious attack form; many simply don’t have the right defences in place, and may not have educated staff on how to recognise the signs of a potential ransomware attack in incoming emails. This, of course, only makes it even more attractive to criminals.
“Organisations must use advanced threat prevention measures on networks, endpoints and mobile devices to stop malware at the pre-infection stage, such as Check Point’s SandBlast™ Zero-Day Protection, Threat Extraction, and Mobile Threat Prevention solutions, to ensure that they are adequately secured against the latest threats,” added Hadjizenonos.
Check Point’s threat index is based on threat intelligence drawn from its ThreatCloud World Cyber Threat Map, which tracks how and where cyberattacks are taking place worldwide in real time. The Threat Map is powered by Check Point’s ThreatCloudTM intelligence, the largest collaborative network to fight cybercrime, which delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analysed for bot discovery, over 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.
Gadget goes to Hollywood
Gadget visited the Netflix studios last week. In the first of a series, ARTHUR GOLDSTUCK talks to CEO Reed Hastings.
Netflix CEO Reed Hastings is no stranger to Africa. He has travelled throughout South Africa, taught maths in Swaziland for two years with the Peace Corps, and visits close family in Maputo. As a result, he is keenly aware of the South African entertainment and connectivity landscape.
In an exclusive interview at the Netflix studios in Hollywood, Los Angeles, last week, he revealed that Netflix had no intentions of challenging MultiChoice’s dominance of live sports broadcasting on the continent.
“Other firms will do sport and news; we are trying to focus on movies and TV shows,” he said. “There are a lot of areas that are video that we are not doing: sports, news, video gaming, user-generated content. We don’t have live sport.
“We’re not replacing MultiChoice at all. Their subscriber growth is steady in South Africa. They serve a need that’s independent of the Internet, via low-price satellite. There is no intention of capturing that audience. If they’re growing, it’s because they serve a need.”
While Reed ruled out any collaboration with MultiChoice on its satellite delivery platform, despite its collaboration with another pay-TV service, Sky TV in the United Kingdom, he did not close the door. He stressed that Netflix saw itself as an Internet-based service, and would pursue the opportunities offered by evolving broadband in Africa.
“If you look in other markets like the USA, how Comcast carries us on set-top boxes with their other services, it could happen with MultiChoice, the same as with all the pay-TV providers.
“We’re really focused on being a service over the Internet and not over satellite. Our service doesn’t work on satellite. Where we work with Sky is on Internet-connected devices. We’re happy to work on Internet-connected devices. We tend to work on smart TVs, but need broadband Internet for that.
“Broadband is getting faster in Nigeria, Tanzania, Kenya and South Africa – we can see the positive trendlines – so it’s more likely we will work with broadband Internet companies.”
Hastings is a firm believer in the idea that one content provider’s success does not depend on pushing another down.
“HBO has grown at the same time as we have, so can see our success doesn’t determine their success. What matters is amazing content with which the world falls in love.”
Click here to read about Netflix’s international expansion, and how the streaming service selects content for its platform.
Take these 5 steps to digital
By MARK WALKER, Associate Vice President for Sub-Saharan Africa at IDC Middle East, Africa and Turkey.
Digital transformation isn’t a buzz word because it sounds nice and looks good on the business CV. It is fundamental to long-term business success. IDC anticipates that 75% of enterprises will be on the path to digital transformation by 2027.
However, digital transformation is not a process that ticks a box and moves to the next item on the agenda – it is defined by the organisation’s shift towards a digitally empowered infrastructure and employee. It is an evolution across system, infrastructure, process, individual and leadership and should follow clear pathways to ensure sustainable success.
The nature of the enterprise has changed completely with the influence of digital, cloud and the Fourth Industrial Revolution (4IR), and success is reliant on strategic change.
There is a lot more ownership and transparency throughout the organisation and there is a responsibility that comes with that – employees want access to information, there has to be speed in knowledge, transactions and engagement,” he adds. “To ensure that the organisation evolves alongside digital and demand, it has to follow five very clear pathways to long-term, achievable success.
The first of these is to evaluate where the enterprise sits right now in terms of its digital journey. This will differ by organisation size and industry, as well as its reliance on technology. A smaller organisation that only needs a basic accounting function or the internet for email will have far different considerations to a small organisation that requires high-end technology to manage hedge funds or drive cloud solutions. The same comparisons apply to the enterprise-level organisation. The mining sector will have a completely different sub-set of technology requirements and infrastructure limitations to the retail or finance sectors.
Ultimately, every organisation, regardless of size or industry, is reliant on technology to grow or deliver customer service, but their digital transformation requirements are different. To ensure that investment into artificial intelligence (AI), machine learning, knowledge engines, automation and connectivity are accurately placed within the business and know exactly where the business is going.
The second step is to examine what the business wants to achieve. Again, the goals of the organisation over the long and short term will be entirely sector dependent, but it is essential that it examine what the competitive environment looks like and what influences customer expectations. This understanding will allow for the business to hone its digital requirements accordingly.
The third step is to match expectations to reality. You need to see how you can move your digital transformation strategy forward and what areas require prioritisation, what funding models will support your digital aspirations, and how this tie into what the market wants. Ultimately, every step of the process has to be prioritised to ensure
The fourth step is to look at the operational side of the process. This is as critical as any other aspect of the transformation strategy as it maps budget to skills to infrastructure in such a way as to ensure that any project delivers return on investment. Budget and funding are always top of mind when it comes to digital transformation – these are understandably key issues for the business. How will it benefit from the investment? How will it influence the customer experience? What impact will this have on the ongoing bottom line? These questions tie neatly into the fifth step in the process – the feedback loop.
This is often the forgotten step, but it is the most important. The feedback loop is critical to ensuring that the digital transformation process is achieving the right results, that the right metrics are in place, and that the needle is moving in the right direction. It is within this feedback loop that the organisation can consistently refine the process to ensure that it moves to each successive step with the right metrics in place.
There is also one final element that every organisation should have in place throughout its digital evolution. An element that many overlook – engagement. There must be a real desire to change, from the top of the organisation right down to the bottom, and an understanding of what it means to undertake this change and why it is essential. This is why this will be a key discussion at the 2019 IDC South Africa CIO Summit taking place in April this year. With this in place, the five steps to digital transformation will make sense and deliver the right results.