Malicious intent

    Malware attacks cost Africa an estimated US$2 billion last year, but governments and businesses are preparing themselves in case the worst is yet to come.


    Zusy. Gootkit. Sality. Virut. Dvmap. The names don’t mean anything. Yet behind those names (Gamarue. Necurs. Rig … the list goes on) lurks one of the biggest threats to economic growth in Africa. Those are the names of just a handful of the malware (malicious software) families and cyberthreats that have crippled businesses across the continent in 2017. On 12 May, more than 230 000 computers in 150 countries were hit by WannaCry – ransomware that spread from machine to machine without anyone clicking a link or opening an attachment, encrypting each victim’s files and demanding US$300 worth of the digital currency Bitcoin (rising to US$600 after three days) to unlock them. WannaCry infected the UK’s National Health Service, global shipper FedEx, several global car factories and about 83 South African companies in one of the biggest malware outbreaks on record.

    Also in May, online security blog Hackread reported that online restaurant search portal Zomato had been hacked, with the emails and password hashes of more than 17 million Zomato accounts offered for sale online.

    In June, cybersecurity firm Check Point Software Technologies exposed a malware named Fireball, which it claims has already infected more than 250 million computers worldwide, including 20% of corporate networks. Fireball is designed to hijack and manipulate the infected computers’ web traffic to generate advertising revenue. ‘It takes over target browsers, turning them into zombies,’ a statement issued by Check Point warned, adding that 38.43% of South Africa’s corporate networks had at least one infected machine in their network. In this particular case, the reported infection rates across other African countries were even higher, with Kenya at 51.56%, Nigeria at 59.02% and Angola at a staggering 73.08%.

    Fireball aside, Africa has a lot to worry about. According to Serianu’s Africa Cybersecurity Report 2016, African countries lost at least US$2 billion to cyberattacks last year, with Nigeria (US$550 million) and Kenya (US$175 million) among the hardest hit.

    Hoping to tighten internet security across the continent, the Internet Society and the AU Commission unveiled a new set of Internet Infrastructure Security Guidelines for Africa in June. These guidelines – the first of their kind in Africa – aim to help the continent create a more secure internet infrastructure, with actions set at a regional, national, ISP/operator and organisational level.

    The rise of smartphones across Africa is accompanied by a growing risk of cyberthreats

    ‘Africa has achieved major strides in developing its internet infrastructure in the past decade,’ Dawit Bekele, Africa regional bureau director of the Internet Society said at the launch. ‘However, the internet won’t provide the aspired benefits unless we can trust it. We have seen from recent experiences that Africa is not immune from cyberattacks and other security threats.’

    Part of the problem with malware is that it’s just so easy to use – and the rewards can be huge. As Claude Schuck, regional manager for Africa at software firm Veeam, recently told ITWeb: ‘The sheer size of the reward available can convince even people with impeccable moral standards to commit a crime. Suddenly there is a reason for rogue employees to take a risk. Those with intimate knowledge of a company’s business processes can purposely target systems containing its most precious data to ensure the organisation must pay significant amounts of money. Combine this with how the development of ransomware has become easier, [and] almost anyone with a computer can infect a company with malware and wait for the ransom payout.’

    That payout could be enormous… Or not. The WannaCry ransomware hackers made just US$50 000 in Bitcoin during their weekend of global havoc, according to CNBC reports, and the starting demand for all that stolen Zomato data was barely US$1 000 in Bitcoin.

    WannaCry is often lumped together with exploit kits (EKs), but it was something different. An EK is a toolkit hosted on a web server that probes a visiting browser and its plug-ins for vulnerabilities in order to download and execute further malicious code; Rig, on the list above, is one. WannaCry was a worm: it carried a single exploit (the leaked ‘EternalBlue’ code for a flaw in the SMBv1 file-sharing service built into Windows) and used it to copy itself directly from one machine to the next across the network, with no website or user action involved. EKs proper had slipped off the malware radar, until Check Point noted a resurgence in worldwide EK threats early this year. In a media statement, Rick Rogers, Check Point’s area manager for East and West Africa, said: ‘The dramatic resurgence of exploit kits in March illustrates that older threats don’t disappear forever – they simply go dormant and can be quickly redeployed. It is always easier for malicious hackers to revisit and amend existing malware families and threat types rather than develop brand new ones, and exploit kits are a particularly flexible and adaptable threat type.’

    The WannaCry attack was spectacular in its scale, yet surprisingly unsophisticated in its execution. It was halted by a built-in ‘kill switch’: before spreading, each copy tried to contact a hard-coded, unregistered web address and quietly exited if the address answered. A security researcher registered that domain on the first afternoon, which stopped the spread on every infected machine that could reach it. Nor was the vulnerability new. Microsoft had released a security update for it (MS17-010) on 14 March, two months before the outbreak, so the infected computers were overwhelmingly those that had not been patched in that time, or that were still running the outdated Windows XP. Security updates for XP ended in April 2014, and Microsoft issued an emergency XP patch only once the attack was under way. Updating is not always the one-click affair it is on a home PC – hospitals and factories run equipment whose software vendors delay or forbid patching – but for most victims the WannaCry crisis was avoidable: apply the free update, block SMB traffic on port 445 at the network edge, and switch off SMBv1 wherever nothing still depends on it.

    ‘If we want to fight cybercrime in Africa we must urgently increase awareness of cybersecurity among citizens, users, non-governmental organisations, companies and government departments,’ Basie von Solms, from the Centre for Cybersecurity at the Academy for Computer Science and Software Engineering at the University of Johannesburg, warned at the recent Institute of Electrical and Electronics Engineers Experts in Technology and Policy Forum held in Windhoek.

    Von Solms insisted that cybersecurity-awareness programmes remain the most cost-effective solution against cyberattacks, warning that Africa’s US$100 billion mobile phone industry presents a major security risk.

    ‘As handsets and data become more affordable, mobile phones will become more accessible,’ he said. ‘This will change the way public services are delivered and how business and politics are conducted. While this will have advantages, the biggest consequence will be an increase in cybercrime.’

    Despite – or, more to the point, because of – the inevitable increase in cybercrime, the number of unfilled cybersecurity jobs is expected to rise to a massive 1.8 million over the next five years, according to a new (ISC)2 survey. The worldwide survey of 19 000 cybersecurity professionals found that 67% of respondents in the Middle East/Africa region – about the global average – feel they do not have enough employees to address the increasing level of threats.

    To Zusy, Gootkit, WannaCry and company, add the name Hajime. Researchers at cybersecurity firm Kaspersky call it ‘a mysterious evolving internet of things [IoT] malware that builds a huge peer-to-peer botnet’. Or, in other words, a self-spreading program (a worm) that is currently recruiting internet-connected devices such as cameras and home routers into a network it controls without a central server.

    ‘The botnet has recently been propagating extensively, infecting multiple devices worldwide,’ Kaspersky’s report claims. ‘To date, the network includes almost 300 000 malware-compromised devices, ready to work together to perform the malware author’s instructions without their victims’ knowledge.’

    Hajime has no attacking code or capability. All it does is infect devices – mainly by trying lists of factory-default usernames and passwords against their Telnet logins until one works – and then lie in wait. Why? Nobody knows. Hajime’s ultimate purpose remains unknown – and that’s what makes cybersecurity experts so nervous.

    Late last year, malware called Mirai built a botnet the same way, logging in to cameras and routers with their default passwords, and used it to flood the DNS provider Dyn with traffic, leaving services from Amazon.com and Airbnb to Twitter, Visa, PayPal and Netflix unreachable for users across wide swathes of Europe and North America.
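    Both propagation methods described in this article leave a recognisable trace in ordinary network logs: a WannaCry-style worm (see the kill-switch section above) appears as one host opening connections to many different neighbours on port 445 within seconds, and a Hajime- or Mirai-style bot appears as a burst of failed Telnet logins against one device from one source, often ending in a success. The following Python is an added example written for this piece, not code from Kaspersky, Check Point or any other firm named here; the log formats, addresses and thresholds are constructed for illustration, and the sample log lines are made up.

```python
"""Flag two propagation patterns over constructed log lines.

1. SMB fan-out: one source reaching many distinct hosts on TCP/445 in a short window.
2. Telnet brute force: many failed logins from one source against one device.

Log formats, addresses and credentials here are constructed for the example.
"""
from collections import Counter, defaultdict, namedtuple
from datetime import datetime, timedelta

Conn = namedtuple("Conn", "ts src dst dport")
Login = namedtuple("Login", "ts src dst user result")  # result is "ok" or "fail"


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")


# Constructed firewall log: "timestamp src dst dport action".
# 10.0.5.17 sweeps 16 neighbours on 445 within four seconds (worm behaviour);
# 10.0.5.40 talks to a single file server ten times (normal behaviour).
FW_LOG = [f"2017-05-12T10:00:0{i % 4} 10.0.5.17 10.0.5.{20 + i} 445 allow" for i in range(16)]
FW_LOG += [f"2017-05-12T10:00:{s:02d} 10.0.5.40 10.0.5.2 445 allow" for s in range(10)]

# Constructed device login log: "timestamp src dst user result".
# 203.0.113.9 walks a default-credential list against a camera, then gets in;
# 10.0.5.40 is an administrator who mistypes a password once.
AUTH_LOG = [
    "2017-05-12T11:00:00 203.0.113.9 10.0.5.50 root fail",
    "2017-05-12T11:00:01 203.0.113.9 10.0.5.50 root fail",
    "2017-05-12T11:00:02 203.0.113.9 10.0.5.50 admin fail",
    "2017-05-12T11:00:03 203.0.113.9 10.0.5.50 root fail",
    "2017-05-12T11:00:04 203.0.113.9 10.0.5.50 root fail",
    "2017-05-12T11:00:05 203.0.113.9 10.0.5.50 root ok",
    "2017-05-12T11:05:00 10.0.5.40 10.0.5.50 admin fail",
    "2017-05-12T11:05:08 10.0.5.40 10.0.5.50 admin ok",
]


def parse_fw(lines):
    """Parse firewall lines, keeping only connections the firewall allowed."""
    conns = []
    for line in lines:
        ts, src, dst, dport, action = line.split()
        if action == "allow":
            conns.append(Conn(parse_ts(ts), src, dst, int(dport)))
    return conns


def parse_auth(lines):
    """Parse device login lines into Login records."""
    return [Login(parse_ts(ts), src, dst, user, result)
            for ts, src, dst, user, result in (line.split() for line in lines)]


def smb_fanout(conns, threshold=10, window=timedelta(seconds=60)):
    """Map each source that reached >= threshold distinct hosts on 445 inside one
    sliding window to the largest number of distinct hosts it reached that way."""
    by_src = defaultdict(list)
    for c in conns:
        if c.dport == 445:
            by_src[c.src].append(c)
    alerts = {}
    for src, events in by_src.items():
        events.sort(key=lambda c: c.ts)
        in_window = Counter()  # dst -> hits currently inside the window
        start = 0
        for c in events:
            in_window[c.dst] += 1
            while c.ts - events[start].ts > window:  # slide the left edge forward
                old = events[start].dst
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(in_window))
    return alerts


def telnet_bruteforce(logins, threshold=5):
    """Map each (src, dst) pair with >= threshold failed logins to
    (failure count, user name that later succeeded, or None)."""
    fails = Counter()
    broke_in = {}
    for lg in sorted(logins, key=lambda l: l.ts):
        key = (lg.src, lg.dst)
        if lg.result == "fail":
            fails[key] += 1
        elif fails[key] >= threshold:  # a success only counts after a burst of failures
            broke_in[key] = lg.user
    return {k: (n, broke_in.get(k)) for k, n in fails.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in smb_fanout(parse_fw(FW_LOG)).items():
        print(f"SMB fan-out: {src} reached {n} distinct hosts on 445 within a minute")
    for (src, dst), (n, user) in telnet_bruteforce(parse_auth(AUTH_LOG)).items():
        tail = f", then logged in as {user}" if user else ""
        print(f"Telnet brute force: {src} -> {dst}, {n} failed logins{tail}")
```

    The fan-out check counts distinct destinations rather than raw connections, so a busy file-server client is not mistaken for a scanner, and the brute-force check records which account finally succeeded, since a success after a burst of failures is the signal that the device has been recruited rather than merely probed.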

    ‘If the Mirai attack is still fresh in your minds, the fact that there are 300 000 malware-compromised devices, all ready to work as one to act under the instructions of their master without our knowledge, is a terrifying thought,’ Andrew Potgieter, director of security solutions at Westcon-Comstor Southern Africa, wrote in a recent statement. ‘While Hajime’s purpose is still unknown, it surely can’t be for the good of the world if it has been slowly growing in scale since it was first detected in October 2016.’

    As governments, businesses and device owners across Africa frantically get to grips with the growing threat of malware, Hajime provides a sobering reminder that the worst is yet to come. And this time, the name actually means something. In Japanese, Hajime means ‘beginning’.

    By Mark van Dijk
    Image: Gallo/GettyImages