SA is only seventh on the list of countries that have experienced the most number of ransomware attacks, despite it only having the 32nd largest gross domestic product in the world,” says Carlo Bolzonello, country manager for Trellix in South Africa.
This was revealed in Trellix’s Advanced Threat Research Report: January 2022, examining cybercriminal behaviour and activity related to cyber threats in the third quarter of 2021.
“There are several reasons why cybercriminals seem to prefer targeting South Africa, including that businesses may be paying the ransoms being asked of them, because they can’t afford the time or expertise to address the attack before it damages their operations,” he explains.
“The other leading reason is linked to that: we’re a soft target because we don’t have enough skills in the country to respond to cybercrime – which is exacerbated by corporates buying multiple point products, and not having the resources they need to integrate them and manage them effectively.”
Bolzonello adds that corporates integrating into an open ecosystem that allows quicker response times to address and remediate threats via an open XDR API-driven platform, are likely to be able to withstand ransomware threats more effectively.
Among its findings, the research reports that despite a community reckoning to ban ransomware activity from online forums, hacker groups used alternate personas to continue to proliferate the use of ransomware against an increasing spectrum of sectors – hitting the financial, utilities and retail sectors most often, accounting for nearly 60% of ransomware detections.
“While we ended 2021 focused on a resurgent pandemic and the revelations around the Log4j vulnerability, our third-quarter deep dive into cyber threat activity found notable new tools and tactics among ransomware groups and advanced global threat actors,” said Raj Samani, Chief Scientist and Fellow at Trellix.
“This report provides greater visibility into the use and abuse of ransomware group personas, how nation state APT actors seek to burrow deeper into finance and other critical industries, and new Living off the Land attacks exploiting native Microsoft system tools in new ways.”