Cyber ​​attacks crack the government


By Charné Mostert

The prevalence of spyware attacks in South Africa shows a significant increase of more than 20% in 2023. Most of these reported attacks are aimed at government websites and systems, which has the potential to cause significant instability in the national security framework of South Africa. to cause Africa.

The fundamental principle of national security states that a nation has the ability to protect the well-being of its citizens. If government systems are infiltrated by malicious agents, including hackers, malware (malicious software) or cyber attackers, the underlying principles of national security will be seriously compromised.

Large scale damage

Initial consequences include the potential for large-scale misuse of sensitive content on digital government platforms containing classified information and citizens’ personal data. These abused databases can be used by hackers to reveal sensitive material or, in a more serious scenario, to collaborate with government agents to suppress evidence or manipulate official documents to make them inconspicuous.

Given South Africa’s difficult economic landscape, the consequences of a significant cyber attack could seriously weaken the country’s financial situation. These attacks therefore highlight the urgent need for the government to take steps to counter the growing concern about cyber attacks.

The scale of potential damage is further exacerbated by the disruption of critical services, which includes data breaches, service interruptions and perhaps even loss of life within crucial sectors. Ensuring cyber security for basic infrastructure is essential in order to prevent cyber attacks from significantly harming the country’s economic stability, national security and essential services.

Public trust also damaged

Instances of inaction or inadequate response to cyber-attacks weaken the public’s faith in the government’s competence, and this leads to anxiety and uncertainty among citizens.

As an example of this concern, reference can be made to the case of the South African National Prosecuting Authority, which needed 13 years to successfully prosecute the hacker Bruce Owen. Owen illegally obtained R600 000 from the education department in 2010, a situation that came to light when the department traced 14 different transactions that were channeled to an unknown destination. Owen was eventually sentenced to three years in prison for theft on August 24, 2023.

That the legal process took so long raises questions about possible obstacles to effectively tracking down perpetrators, as well as whether the legal system understands the complex nature of modern cyber security investigations. The complexity of these investigations requires the allocation of enormous amounts of resources, something that may have been lacking in this case, and may have contributed to the legal proceedings taking so long.

Ransomware now popular

Cyber ​​attackers are increasingly using ransomware as a prominent attack method. Ransomware, commonly known as a form of malware, actually encrypts government files, making these files inaccessible unless a set ransom is paid to the malicious entities in exchange for decryption.

According to the report entitled “The State of Ransomware in South Africa 2023” by Sophos, no less than 78% of South African organizations have come under ransomware attacks in the previous year.

A significant ransom incident involving the South African Department of Defense apparently took place on 21 August 2023. The group claiming responsibility for this identifies themselves as SNATCH. This group uses a multi-layered approach that combines ransomware and data exfiltration elements. The malware then launches direct attacks against vulnerable applications within the target organization.

Apart from this action, the SNATCH group also claimed on a Telegram group that South Africa’s President Cyril Ramaphosa is “the primary arms profiteer of the African continent”. Furthermore, the group made serious allegations regarding the South African government’s involvement in illegal arms trade, citing the flow of substantial sums to large companies involved in the arms trade as evidence of money laundering operations.

The group’s actions also appear to have led to the unauthorized disclosure of highly sensitive information, which includes private contacts of President Ramaphosa, military officials and senior ministers. This breach also reportedly involved the disclosure of approximately 1.6 terabytes of classified data.

Restore trust

Consequently, it remains a mandate for the government to do everything in its power to protect its voters from potential threats. The onus is on the government to restore and strengthen trust through transparency, effective communication and proactive measures aimed at increasing cyber security. Given the seriousness of these threats, a three-pronged response strategy is essential for effective countermeasures by the government.

Competent information technology personnel must work with government entities to impart knowledge to staff members, ensure ongoing training programs and software updates to prevent cross-system threats, and administer specialized training within government structures to raise awareness.

While this approach is unlikely to eradicate cyber attacks, it will certainly fortify government systems against such threats and increase the vigilance of both staff and the public. Through such comprehensive measures, the preservation of highly valuable data will be closely maintained, and it will ensure the comprehensive protection of sensitive or vulnerable systems.

  • Charné Mostert is a campaign officer at AfriForum. She has an honors degree (cum laude) in international politics and is currently working on her master’s degree in security studies at the University of Pretoria. Charné usually publishes contributions on X (formerly Twitter), LinkedIn and TikTok.