Cyber Criminals Migrate to Smartphones

The recent cyber-fraud suffered by PayGate and South Africa's four major banks shows how cyber criminals are posing an increasing threat to organisations and individuals.

PayGate acts as an intermediary for online shopping transactions between the banks and online vendors, and it suffered a breach in its security back in August. The company's has numerous clients including airlines, universities, Woolworths and accommodation booking websites and the breach put the credit card details of people who used those services at risk. Thankfully the illegal activity was detected early and the banks have reacted well, increasing monitoring of cards, phoning affected clients, issuing new cards and changing details where necessary. But the evidence of the increasing risk cybercrime poses is plain for all to see.

A recent report by professional services firm Deloitte highlights some of the key findings of its 2010 CSO Cyber Security Watch Survey, conducted in collaboration with CSO Magazine, the US Secret Service and the CERT co-ordination centre. The report states that cybercrime is now posing major strategic risks to South African companies. "Even cyber-security professionals are battling to cope,"the report says.

The recent cyber-fraud suffered by PayGate and South Africa's four major banks shows how cyber criminals are posing an increasing threat to organisations and individuals. PayGate acts as an intermediary for online shopping transactions between banks and online vendors, and it suffered a breach in its security back in August. The company has numerous clients including airlines, universities, Woolworths and accommodation-booking websites. The breach put the credit card details of people who used those services at risk. Thankfully the illegal activity was detected early and the banks have reacted well, increasing monitoring of cards, phoning affected clients, issuing new cards and changing details where necessary. But evidence of the increasing risk cybercrime poses is plain for all to see.

The risk of disruption is heightened as more services and products are offered on cellphone platforms, creating new opportunities for theft and fraud. Marthinus Engelbrecht, managing director of NewOrder Industries, a virtualisation partner for the South African Insurance Crime Bureau (SAICB), says that with the rise of smartphone attacks, end-users are targeted directly. "Attackers have improved their craft towards mobile banking attacks, with computer-based Trojan applications migrating to the smartphone market," says Engelbrecht.


RISKSA reported early last week on Norton's 2012 Cybercrime Report which says that every second, 18 adults become victims of cybercrime in South Africa. However, Engelbrecht believes this statistic is way off, and the actual figure is much higher.

Engelbrecht says the core focus for malicious hackers or cyber criminals is to get their hands on confidential data that equals money in the wrong hands. "If such persons with malicious intent can gain unlawful access to corporate entities, the loss of confidential data or client information can have a devastating financial impact. In some instances, it will result in companies closing doors," Engelbrecht explains.

What makes cyber-crime even more serious in South Africa is that it often goes unreported by corporations. There is presently no regulation that requires the reporting of cybercrimes. Many corporate victims simply do not acknowledge that their 'corporate defences' have been breached as they wish to avoid the potential loss of public faith in their institution.

Engelbrecht says cybercrime is getting very sophisticated, especially with the new smart device market. "Attacks have been redirected from your normal spam mail to targeted attacks against individuals and corporate entities. Sophisticated crime-ware development by hacker groups is on the rise, making targeted attacks easier for them," he says.

According to the February 2011 figures from the RSA Anti-Fraud Command Centre, South Africa is surpassed only by the USA and UK when it comes to volumes of phishing attempts. Cyber-crime has become a significant contributor to economic crime losses, and is now ranked the fourth most common crime after theft of assets, bribery and corruption and financial statement fraud.

And the insurance industry is also affected. "The insurance industry has been a target for hackers and cyber criminals for quite some time. There will be a definite increase in targeted attacks, and this will definitely have an impact on the insurance industry," says Engelbrecht.

The bottom line is that organisations must make use of cyber intelligence to develop capabilities that are able to deal with the threats they could face. Organisations must add tools that help them protect against possible threats and identify threats that could apply specifically to their companies.

"It's a scary notion, but simple human error is by far the most overwhelming Internet security threat," says Engelbrecht. Common sense takes a back seat to curiosity or bad judgment, which could potentially result in the loss of thousands, even millions of Rand, or at the very least, infect the device with a nasty virus or spyware.

"It cannot be stressed enough that the most effective way to protect yourself from the omnipresent threat of cyber-attacks is to keep your anti-virus or Internet security suite updated, and for your corporate entity, appoint specialists to look after your corporate security," Engelbrecht concludes.


Published By: www.risksa.com (Printed Material)
Published Date: November 2012