Jonas Thulin, image supplied.
Advanced Persistent Threats (APTs), cyber attacks designed to steal sensitive information, are on the increase during South Africa’s tax season, according to Jonas Thulin, security consultant for Fortinet.
“The global scope of APTs is greater than most people realise. Because these attacks are typically launched through various channels over a period of time, they can be difficult to identify and can remain unperceived for years,” said Thulin.
“Many organisations are not in a position to withstand these sophisticated attacks with the traditional IT security defences they have in place.”
Thulin cited Google, the Pakistan government, Iran’s nuclear enrichment plant and the United States (US) Department of Defense as examples of large entities that have fallen victim to APTs over the last two years.
“South Africa has not been exempt. A number of cases have been reported, and many more have not – as most incidents are not reported on. As we move into tax season, local enterprises become more vulnerable, as tax related APTs are among the most popular corporate scams around in South Africa,” said Thulin.
Thulin said other attacks in South Africa target high earners’ bank accounts. These attacks were traditionally carried out through phishing, but since banks introduced one-time passwords (OTPs) delivered by SMS, newer and more sophisticated attacks have appeared.
The newer attacks first infect the victim’s computer with spyware to steal banking credentials, then target the victim’s mobile number: either with malware on the handset that intercepts the OTP SMS, or through a SIM swap that redirects the victim’s number, and hence the OTP, to the attacker.
In terms of how an APT is launched, Thulin said: “While each APT is customised for its intended target, the life cycle of every APT attack typically includes: choosing a target, investigating the organisation – its employees, applications and systems – and building a profile on potential human targets inside the organisation.”
He added: “The attacker then finds the appropriate techniques, such as social engineering or the distribution of an exploit through malicious emails, in order to plant remote access malware on one of the target’s computers. Once the attacker has gained a foothold inside a target’s network, an attempt is made to exploit vulnerabilities on other internal computers to gain further access to the network.”
The result is that the attacker gains access to passwords, the network itself, databases, files, email accounts and other valuable data.
Thulin said no single security control can reliably stop an APT, so an effective defence strategy must be built on multiple layers of protection.
In addition to multi-layered defence, it is advisable to partner with a reputable security provider, educate end users, enforce network segregation, patch proactively, apply strict bring-your-own-device (BYOD) policies, and require two-factor authentication for remote users and for anyone accessing sensitive information.
“Every organisation should be concerned by the risk of APTs and adopt a multi-layered defence strategy to prevent, or at least minimise, the impact of an APT,” said Thulin.