South Africa experienced the single longest-running cyber-attack campaign from July 8-15, 2019 in any region during this quarter; the campaign employed a complex and varying array of generic Trojans, significant threats, exploits and file types.
It is almost certain that an organized criminal group or Advanced Persistent Threat (APT) carried out these campaigns given the resources and effort it would require to sustain this level of determined attack over this long a period.
Nanobot, Loki and Remcos were the most significant threats deployed against the sector; they were utilized in concert with a range of generic Trojans which included types specific to attacks on this region in this quarter. South Africa detections contained ZIP files – the most detected file type containing malware – as well as RAR files.
Predictions from the Mimecast Threat Centre:
Threat actors will continue to favour compressed file formats as a basic first tier of obfuscation.
Voicemail impersonation will grow as an innovative means of attack.
Transportation, infrastructure and logistics will remain a priority target.
Widespread adoption of 5G and the proliferation of IoT will lead to more sophisticated malware and higher attack volume.
The Mimecast Threat Centre recommends:
Adopt a stance stressing the importance of security controls and resilience in the face of ever-evolving threats. With the spectre of a cyberattack that ransomware poses, now is the time for organizations to seriously consider their ability to recover from a successful attack when it happens to them and consider in detail how the organization might continue “business as usual” under circumstances where there is a potential recovery time of six months and the loss of crucial data.
Increase user awareness and keep users informed on current, prevalent threats; this should be a priority to avoid the risk posed by simple human error. Indeed, this is of paramount importance now, given the mounting risk around impersonation attacks and voicemail phishing attacks.
For more information, please visit www.mimecast.com.
All information from Mimecast Service Limited – Threat Intelligence Report