As hackers turn to the same advanced technology, including AI and SaaS (software as a service) applications, that has spurred digital transformation for legitimate organisations, African businesses face an increasing number of cyberthreats.
Harnessed correctly, AI can be trained to identify new types of malware, protect sensitive data and generate alerts for threats. But cybercriminals can also use the technology to up the scale and success of their social engineering attacks, security experts say. When in the wrong hands, AI can enhance many of the social techniques cybercriminals currently employ to trick people into handing over sensitive data.
Hacking tools are also increasingly being offered as a service, just like many enterprise applications. The Thanos ransomware, for example, which uses the RIPlace technique to bypass most security methods, is just one of many ransomware tools that are being sold as a service.
AI can be used to improve cybersecurity, but malicious applications of AI are starting to emerge as cybercriminals use these technologies to mimic the practices of legitimate businesses, says Tatyana Shishkova, security expert at Kaspersky. While Africa is not necessarily considered a focus area for the more sophisticated types of cybercriminal activity such as targeted attacks or advanced persistent threats (APTs), less-sophisticated attackers learn from the more advanced attacks to enhance their own techniques, according to a recent Kaspersky report.
In the first half of the year in Africa, Kaspersky recorded 81 million cyberattacks in just three countries: Nigeria, South Africa and Kenya. It detected a 24.6% increase in cyberattacks in Nigeria, followed by South Africa with a 16.6% increase and Kenya with a 15.9% increase, according to the report.
“Malicious users can leverage AI to make their attacks more intelligent and to avoid detection from traditional endpoint solutions,” Shishkova says. “For example, AI can be used to trawl for sensitive information on individuals and organisations, as well as being used to create content that can pass through typical cybersecurity filters, like emails that appear to be written by humans.”
Security challenges on the home front
Over the last year or two, with the increase in people working remotely, the threat landscape has expanded exponentially, says Mark Walker, associate VP, IDC Sub-Saharan Africa. Before, smart corporates were quite capable of securing their core systems. “But when everyone started working from home, every remote worker essentially becomes a bit like a remote branch. What I mean is that with everyone accessing confidential records via their home Wi-Fi or the Wi-Fi at their local coffee shop, these connections aren’t typically as secure as they should be.”
For many, COVID-19 led to an unplanned (and unbudgeted for) increase in remote work, explains Dr Maiendra Moodley, a Johannesburg-based security adviser to government. The focus on trying to address the needs of teams who were suddenly working remotely meant that CIOs had to find a way to provide so much more with the same budget. This scenario lays the perfect foundation for a security breach because business leaders haven’t had enough time to research the best cybersecurity options, to successfully train their teams or to deploy the necessary security solutions to prevent a breach.
All of this can make one tempted to link the evolution of cyberthreats primarily to the pandemic, but Moodley believes that the real issue is the continued failure in many organisations to translate security into an integrated discipline. “The emergence of ‘new’ or ‘evolving’ threats will always be intrinsically linked to the growth of technology. This can be illustrated through the exploitation of social media to convincingly spread disinformation through deepfakes, or the integration of AI and bots which can be used by attackers for impersonation,” Moodley says.
When good tech helps bad people
Today’s illicit actors are leveraging emerging technologies like AI and deepfakes to outsmart and outpace humans, and to outwit outdated security systems, notes Dr Mark Nasila, chief data analytics officer in the FNB Chief Risk Office. The main driver behind this is that these technologies have been democratised to such an extent that they are available for anyone to use, including criminals. AI cyberattacks are becoming a rising security threat to both businesses and government agencies because they make it possible for criminals to automate their illicit activities, Dr Nasila says.
In 2019, one such attack saw the CEO of a UK-based energy firm accidentally paying US$243,000 to a hacker after receiving a call from his boss instructing him to do so. But he wasn’t talking to his boss. The criminals had actually used AI-based software to impersonate his boss’ voice and trick the CEO into making the fraudulent transfer. “Given the sophistication of modern attacks, security vendors need to keep up a massive R&D effort just to edge slightly ahead of malicious actors. It’s a race — while security vendors are working to keep things safe, criminals are working to break in,” Nasila says.
And in July this year, a highly sophisticated ransomware attack exploited multiple vulnerabilities in IT management software made by Kaseya. Because Kaseya’s customers include companies that provide IT support and cybersecurity services to small and medium businesses, the malicious software was passed to their customers as well. Companies in 17 countries, including South Africa, were hit by the attack perpetrated by Russia-based hacking group REvil.
We are currently experiencing an increase in technologically based, non-human attacks, says Walker. “Today, anyone can go onto the Dark Web, download some pretty scary malware, load it up and choose where they want to attack. You don’t even have to be very technologically astute to do this on an industrial scale. It’s all pre-packaged, which is very concerning.”
Ransomware attacks are particularly prominent in the African context, adds Walker.
Ransomware attacks cripple African entities
In August and September, two South African government entities — the Department of Justice (DOJ) and the SA National Space Agency (Sansa) — were hacked. The DOJ was hit by a massive ransomware attack, encrypting all the information systems provided by the department and leaving everything from their email to the DOJ website unavailable to internal employees and to the public. This came just a few months after South Africa’s state port operator, Transnet, was crippled by what is also believed to be a ransomware attack, bringing exports and imports to a near standstill.
In the beginning, ransomware used very random targeting to try to catch as many people as possible, hoping for a relatively small amount of money to be paid in ransom, notes Kaspersky. But over the past five years, there has been a shift, with attackers now focusing on specific companies and individuals where they can get the maximum benefit. The new approach of ransomware is to expose data, negatively impacting the reputation of a company.
“We need to remember that these guys — let’s call them the ‘dark side’ — make a living out of this. So they take it very, very seriously. Just as seriously, if not more seriously, than a corporate does,” Walker asserts. “We don’t have any idea just how much criminal syndicates are spending on tech. Guesswork suggests that they spend about the same as the white hat groups.”
Mitigating the high-tech threat
Business leaders must ensure that their security posture reflects their threat profile, advises Dr Moodley. And they must change their approach to cybersecurity. “Ensuring the implementation of security as a discipline as opposed to an add-on will ensure that business activities incorporate the necessary security measures.” Training across the entire business ecosystem is another essential step in making sure that there is a common and, more importantly, shared demonstrable understanding of security.
You can only put up so many fences before someone figures out a way to get in, agrees Walker, noting that it is critical to secure your business from the inside. Guarding against these high-tech threats demands that you get the human side of things right. “Make sure that your teams are trained so that they understand what is at stake.”
Dr Nasila believes that businesses must train employees to always think before they act. Cyber attackers are very good at pretending to be someone else — like a friend, family member or colleague — in order to gain a person’s trust and to get the individual to let their guard down. Employees must be trained to approach any emails that come to them unexpectedly with a healthy measure of suspicion, he adds.
It’s important to get the basics right, like keeping all software up-to-date, backing up data regularly, placing the necessary controls on employee activity and putting comprehensive security measures in place where possible, outlines Dr Nasila.
How to protect against the new wave of cyberthreats
To guard against cybercriminals who use emerging tech for ill gain, Dr Nasila suggests the following measures for African businesses:
Enhance communication channels: When a business is under attack by a cyberthreat, time is of the essence. The quicker you can organise your emergency management team, the better. The sooner you can transmit pertinent information to everyone in your network, the more likely you can reduce the risk or magnitude of the attack. By taking advantage of all forms of communication technology, your organisation can minimise the threat and set out on a corrective course more efficiently.
Use bot-detection programmes: One of the best ways in which bots can be countered is through the use of machine learning bot detection programs like Botometer, Tweetbotornot or IBM’s DeepLocker.
Utilise AI and other technologies to enhance cyberthreat profiling: Make use of AI to enhance fact checking. Machine learning and algorithms are much more efficient than an individual or a team of people hired to check millions of tweets and social media posts that are generated each day. You may find that the same kinds of AI systems that create the problem in the first place are responsible for finding a solution.
Have an integrated approach towards cyberthreat risk management: An integrated risk management approach recognises that each organisation faces unique sets of risks and threats and, as a result, must take a risk-centric (not compliance-focused) approach to security. This is especially important because cyberattacks enabled by technology keep evolving and getting more and more complex. An integrated approach enables identification of critical cyber-physical assets and assesses the impact of vulnerabilities that affect the assets in an organisation.
Have a multi-disciplinary approach towards creating awareness and minimising exposure to cyberattacks: This can range from better cybersecurity awareness training through to the use of zero-trust mechanisms and network segmentation techniques that make it harder for an AI-powered attack to spread. AI attacks promise a step change in attack volume and velocity, making it more important than ever for defence to keep up.
As cyber threats become smarter and more sophisticated, no organisation can afford to be complacent about cyber security, concludes Dr Nasila. “Today, businesses must always assume they are continually under attack from outside threats.”