Tag: security breach

SASSA Vulnerabilities Report – Cybercrime

SA Social Security Agency Releases Report on Large-Scale Cybersecurity Breach

The South African Social Security Agency (SASSA) has released an in-depth report following a large-scale breach of its cyber defences last year which is alleged to have cost taxpayers an estimated R175 million. 

The findings raise serious questions about the cybersecurity protocols in place at government departments and suggest several key areas for improvement.

While the cyberattack on SASSA was significant, it was not unique. With organisations of all sizes increasingly falling prey to hackers and cybercriminals, the report offers valuable lessons that every organisation can implement. 

Let’s take a closer look at what happened, what the investigation uncovered, and how businesses can use this information to keep their own data safe.

Large-Scale Cybersecurity Breach Detected by University Students

When hackers breached SASSA’s defences, they helped themselves to an enormous sum of money which was ultimately financed by South African taxpayers. The hacking group N4ughtySecGroup, which claimed responsibility, alleged that the amount stolen exceeds R175 million. 

A troubling revelation for commentators and the public is that the breach wasn’t detected by the department itself. In fact it was first-year computer science students Joel Cedras and Veer Gosai from Stellenbosch University who stumbled upon it while working on a research project.

In the wake of their discovery, SASSA launched an investigation, with cybersecurity specialist Stanly Machote and auditing firm Masegare & Associates tasked with uncovering how such a critical security failure had occurred. 

The report, recently presented to Parliament, outlines the modus operandi of those responsible, though their identities remain classified.

  • The hackers exploited vulnerabilities in the Social Relief of Distress (SRD) grant system, which was introduced during the COVID-19 lockdown as a R350-per-month survival grant. 
  • The government later extended these payments as a form of universal basic income for struggling families. Unfortunately, due to the sheer volume of applicants, authorities appear to have been unable to track exactly who was receiving SRD payments or whether the recipients were legitimate.

In analysing how, when, and why the SRD system was compromised, the report commissioned by SASSA outlines the following vulnerabilities in the department’s security infrastructure:

  1. API vulnerabilities – No rate limiting allowed mass querying of ID numbers, exposing application statuses.
  2. Data exposure & fraud risks – Sensitive applicant details were accessible, and high application rates suggested possible identity misuse.
  3. Unauthorised applications & payments – Grants were linked to ID numbers of non-applicants, raising misallocation concerns.
  4. Unofficial websites & phishing threats – Fake sites collected personal data, leading to financial loss and compliance risks.
  5. Authentication & phone-related risks – Multiple applications per number, SIM swap fraud, and inadequate cellphone ownership validation increased fraud potential.
  6. Encryption & security weaknesses – Poor encryption, missing security headers, and weak content security policies left data vulnerable.
  7. System & server vulnerabilities – Weak portal security, misconfigurations, directory enumeration risks, and unencrypted communications exposed the system to attacks.

For tech experts, this list reads like a how-not-to guide for cybersecurity, highlighting just how much SASSA’s lack of basic security protocols contributed to the breach. A reliance on old technology made the system an easy target for cybercriminals.

The report’s bottom line recommendations are clear: a serious overhaul of the department’s cybersecurity framework is long overdue.

The Lesson for Businesses: Don’t Repeat SASSA’s Mistakes

It’s easy to criticise the government’s lack of cyber preparedness and see it as yet another example of inefficiency, but the reality is that many businesses- both large and small- suffer from similar vulnerabilities.

  • A full-scale cybersecurity audit may sound expensive, but for larger businesses storing vast amounts of sensitive client data, it could be a necessity rather than a luxury.
  • No matter the size of your business, one of the most cost-effective ways to strengthen cybersecurity is through secure cloud storage, fully integrated across all the applications your team relies on.

To learn more about our range of data security products, including our comprehensive Total Data Protection (TDP) System, visit our website today.

Cloud Backup for Business & Home

Get TDP Today

The 4 Most Damaging EMail Attachments

Email attachments have been blamed for viruses, malware and complete and utter computer breakdowns many times in recent years. Despite the plethora of warnings stating “do not open attachments from unknown senders” and “do not click on links in Emails”, still people, and entire corporations fall victim to the plight of an infected or malicious email attachment. More recently, Trickbot, Gandcrab, NanoCore Remote Access Trojan, and AgentTesla malware are malicious infections that have been contracted by opening seemingly innocent DOC files and ZIP attachments!

Spam isn’t Always Easy to Recognise

Not all online and email scams are as obvious and easy to spot as the infamous Nigerian prince looking for ways/reasons to send you spans of money. Some scams look so legitimate and trustworthy that the average man on the street will fall prey to it with little encouragement. That being said, what can you do to ensure that you spot the warning signs of a malicious attachment? Being aware and knowing what to be suspicious of is a good start.

The first thing you need to know is that hackers do their very best to keep their intentions secret. They won’t make it evident that the attachment is malicious, so you need to do a bit of detective work. Any regular PDF, DOC, XLSM, ZIP, ISO, or IMG file can be used for a spam or malware campaign, and this makes recognising a threat all the more complicated.

4 Types of Attachments You Should Be Wary of

We have already mentioned these file types above, but here are 4 of the most dangerous email attachments and how they are used to deliver destruction to your device & data.

1. Trickbot Modular Banking Trojan Spread by DOC/XLSM Files

This trojan is typically sent as an Excel spreadsheet detailing tax records and similar. Once the spreadsheet is open, a BitsAdmin tool takes control and starts stealing data from the device and network, in particular, banking data.

2. GandCrab ransomware spread with ZIP files

GandCrab ransomware, when unwittingly installed on a computer, encrypts all the machine’s contents and then displays a ransom note to the user. Once the user has followed the instructions on the ransom note (usually to pay money), it is expected that the ransomware can be removed. This ransomware looks much like a ZIP file photo attachment in an email.

3. Amex Phishing via PDF File

This phishing campaign specifically targets American Express customers. An email is sent out with a PDF attachment stating that the customer’s Amex account is “under review”. Once the email is opened, the attachment contains a link directing the customer to a secure message from Amex. Once the link is clicked on, it takes the customer to a Malicious website page which looks just like an official Amex page. Here, customers unwittingly input their banking details where hackers promptly steal them.

4. Winner scams Sent by PDF File Attachments

One of the biggest email scams is the “winner scam”. The email, which looks as though it comes from an official Google email account, states that the recipient has won in the online Google sweepstakes. To receive the prize, the recipient must input their personal details and the bank account details where they wish to receive their winnings. Of course, sensitive data is provided such as ID number, address, telephone number etc. There are no winnings – in fact, the entire scam is being run by identity thieves who then use the personal information to open accounts or take out loans.

What to Do

If you receive emails with attachments from people you do not know, do not open the email. It is also highly unlikely that you will be advised of a big win via email. If you are suspicious, google the phone number for the company and call them directly to verify that the information that you have received is legitimate. Also, never provide your personal details to a person or company you have not made initial contact with (or know) yourself.

If you have any tips and pointers to help others avoid email attachment scams, we’d love you to share them with us.

Protect yourself and your business against mobile device security threats.

You know the saying that the team is only as strong as its weakest link? Well, that’s also true of mobile device security. When trying to secure a system and network, even if you have put every effort into ensuring the setup is perfect, it just takes one end user to make a bad decision or be slack on the security front, and it can all come crashing down.

Nearly everyone on the planet totes a mobile phone these days and that means that hackers and malware have even more opportunity to strike than ever before. Mobile device security is under attack and as more and more users join the “party”, more and more opportunity for security threats arise.

What’s the trick? How does a company protect its mobile devices against security threats?

Some say that the trick is to remove the responsibility of device security from the end user and make it the responsibility of the IT department. IT department experts can implement policies and limitations that protect mobile device security.

Of course ,it’s not all about policies, but also about having the right tools, technology and know-how to protect devices and end-users. Moreover, it’s not the end-user that has access to these things.

How to Prevent Mobile Device Security Threats Negatively Impacting your Business

Mobile devices are vulnerable to risks including malware, data breaches and more. The first step to protecting your business is to treat your mobile device security as an ongoing process.

Implement the following best practices in your business:

  • Ensure mobile security systems and apps are up-to-date. All mobile devices should have the latest modern security patches, full system encryption, strong password and PIN requirements, and biometric authentication.
  • All mobile apps should be thoroughly vetted and regularly updated.
  • All security events must be logged.
  • Insist all end-users make use of company-wide file sharing and document collaboration and absolutely no personal consumer-based apps.
  • Staff members must be trained in company mobile device security policies and protocols.
  • Provide staff members with company devices that have security systems installed and in place. BYOD (bring your own device) work environments lead to security breaches.
  • Encourage regular data backups from devices instead of storing sensitive information on end-user devices.

How to Reduce the Risk of Smartphone Viruses

Smartphone viruses can be detrimental to a business’ entire mobile security system. Here’s what your company IT department can do to reduce the risk of such viruses.

  • Stay up to date on the latest malware and mobile viruses.
  • Ensure all devices have the latest, updated mobile operating systems. When operating systems are updated, the security features are usually greatly improved.
  • Set in place enterprise mobility management policies to ensure that threats are recognised early on and can be contained.
  • Implement two-factor authentication.
  • Limit the web pages that end users can access through their browser on company devices.

How to Reduce Mobile Device Security Threats Whether you are at Home or Abroad

Employees that take their work mobiles home or need to travel overseas with them are faced with unique mobile device security threats. Your IT department can do the following to reduce security threats.

  • Make sure employees are aware of their privacy rights in the area they are travelling based on the customs and border protection laws of that particular country.
  • Some companies have separate mobile devices used only for travel and basic communications. No company information is stored on the device.
  • Instruct end users to avoid using public Wi-Fi.
  • Multi-factor authentication should be implemented to ensure that any data on a mobile device is absolutely safe, especially if a mobile phone is stolen or lost.
  • All data should be stored in the cloud and not on-device. Employees should be trained on how to do secure backups daily and how to remove sensitive data securely from the device too.

Preventing mobile device security threats is not easy. The end-user certainly plays a role in the process, but with the right tools and implementations from the IT experts, the security of business mobile devices can be greatly improved.

Digital tech crime in the spotlight: Interesting tricks used by card fraud criminals

At the end of 2017 the statistics on card fraud were made available to the public and how interesting they were. A quick review of the stats provided by SABRIC (South African Banking Risk Information Centre) shows that over the course of 2017, credit card fraud increased by 1% while debit card fraud actually decreased by 8.5%!

Why did debit card fraud decrease so much?

According to Kalyani Pillay, the CEO of SABRIC, debit card fraud events took a steep decline as a result of fewer lost and stolen cards. There were also fewer counterfeit cards on the market.

This doesn’t mean that fraud isn’t happening, it’s just that criminals have adjusted their tactics in order to take advantage of innovations in the banking landscape.

Here are the latest fraudsters’ tricks

SABRIC released a list of 7 of the latest tricks used by card fraudsters in South Africa at the moment.

#1. Lost and stolen card fraud
The easiest way for criminals to acquire cards is when they interfere with the physical transaction process. This usually happens at the ATM by opportunistic criminals offering to help people, or devising a way to acquire the card PIN. Cash is then drawn from the card at various machines until the daily limit is reached.

#2. Issued card not received fraud
This is when the criminal collects or intercepts a card before it is delivered to the right person. While most banks ensure that cards are delivered by courier direct to the client’s home, or that the customer personally collects the cars from their branch, some cards are sent by mail. These credit cards, loan cards, clothing and merchandise account cards and similar are then collected by the criminal.

#3. Card falsely applied for fraud
Here, the criminal gathers information on an individual and applies for credit and cards in their name, with their details. The card is then issued and used, racking up a bill which must then be paid for by the innocent party.

#4. Counterfeit card fraud
Criminals with the right equipment and software can steal information from the magnetic strip of an existing card. The information can then be used to create a false card. This is often called “card skimming” and can be done at ATMs.

#5. Speedpoint card skimming fraud
This is when criminals steal legitimate Point of Sale (POS) devices from merchants and then convert them into card skimming machines. This usually goes unnoticed as speed point machines can be replaced with similar machines that don’t belong to the actual company.

#6. Replacement card fraud
Again, theft of personal information plays a role in this type of card fraud. Criminals gather all the relevant information on an individual and then apply for a replacement card which is then handed over to them, ready to use and abuse.

#7. Card not present fraud (CNP transactions)
Certain transactions such as online purchases or mobile purchases don’t require a physical card at the point of purchase. Data breaches, phishing, and malware can be used to gather card information from various sources. This information is then used to complete online and mobile purchases and transfers.

Always make sure that your personal information is protected and that your data is securely backed up to the cloud. If you are looking for peace of mind and a secure backup option, check out the online backup system features at Soteria

South Africans are ‘pwned’ in worst data leak ever

Having your personal information and data compromised can mean serious problems for both private individuals and corporations. The biggest data leak to date in South Africa, was recently discovered by Troy Hunt, the regional director of Microsoft.

The information that Hunt found online contained over 30 GB of data detailing the ID numbers, income details, occupations and addresses of over 30 million South Africans! Even more concerning is that no-one really knows what this breach means. There has been no claim or indication of whether it was posted online with the intention to cause damage, commit fraud or simply as a result of pure ignorance/negligence.

Is the leaked info that Troy Hunt found legitimate?

The file that Troy stumbled across was called “masterdeeds” which immediately piqued his interested. He turned to Twitter to ask the general public what should be done.

In an attempt to determine legitimacy, several South African followers offered to compare their personal particulars with those that Troy had found and sure enough, the details were accurate! This type of leak is often caused by a lack of correct protocols and set practices in departments where sensitive information and data is handled.

Troy Hunt – SA public hero #1

Troy Hunt is a Microsoft regional director, and owner of website “haveibeenpwned.com”. This website is a public service that enables individuals (and businesses) to check if any of their email addresses have been compromised by hacks.

Troy Hunt added all the email addresses related to the recently publicised hack to the haveibeenpwned.com database, so there’s no time like the present to check if your personal information has been affected. The leaked information dates all the way back to 1990, so you might want to check multiple email accounts, even ones that you haven’t used in years.

Are data leaks always going to plague the world?

Ignorance is often to blame for data leaks and hacks. If more people understood the dangers in a data leak and how they actually happen, there would probably be far fewer occurrences. There are a few ways in which you can safe guard yourself from them though. Consider these tips:

  • Don’t keep sensitive data stored on local machines where everyone has the same access
  • Make sure that sensitive data is backed up with data encryption and not stored locally
  • Don’t use the same password across all accounts and platforms
  • Make sure that your passwords are strong and are not based on things people could easily guess from your personal information
  • Use a tool such as LastPass to create, store and protect your passwords.
  • Have you been “pwned”?

It’s time to start taking steps towards protecting yourself against data leaks and breaches! Safeguard your data by backing up regularly to the cloud regularly and don’t forget to check if your details have been made public!

Yet Another Netflix Security Breach! Security Solutions for Businesses!

The middle of June 2014 saw yet another collection of Netflix passwords leaked online, which of course means bad things for the users of the site as well as the company itself. Many Netflix users were up in arms as their passwords were leaked online and their data and security of their personal information compromised.

Such a security breach is something that many have fallen victim to over the years and sometimes this can have huge damaging effects on the company or service targeted, as information can be deleted, corrupted or changed, causing huge system failures and bringing about negative financial implications. Accounts can be used to complete transactions that are not authorised by the actual account holders which results in even more financial upset between service provider and account holder.

A hacker group calling themselves “Derp” are responsible for the latest security breach at Netflix. The usernames and passwords of over 1800 Netflix users were posted to PasteBin. Luckily a number of the users targeted reported that the details posted were in fact their old user names and passwords, and so their accounts were not at risk. Some might not have been so lucky, but no numbers have been made officially available of those affected by the attack.

What is the moral of the story? Companies should certainly have the security of their client data in mind. By incorporating the right security features and ensuring that safe and secure cloud backups are done of client data, a great deal of stress can be removed from such a situation.

As a user, the moral is slightly different. Having a secure password is simply not enough anymore. It is important to ensure that you use a password that can’t be easily guessed and you should change this password every so often. Don’t be a victim of security breaches! Make use of services that can ensure the security of your personal information and accounts and ensure that you do your bit towards a safer and more secure online experience too.