Image credit: cape talk
South Africa’s public sector faced a challenging year in 2024 as cyberattacks disrupted critical infrastructure and exposed the growing vulnerabilities in government systems.
The attacks highlighted the need for stronger cybersecurity measures as the country battled data breaches, ransomware attacks, and extortion schemes.
Here’s a breakdown of the key incidents and what they mean for South Africa’s digital security landscape.
Cyber Extortion on the Rise
South Africa experienced a sharp rise in cyber extortion incidents, with cases increasing by 107% between Q2 2023 and Q1 2024, according to Orange Cyberdefense. Globally, Africa saw the second-highest increase in cyber extortion cases during this period.
Adding to the pressure, South Africa ranked 14th globally for data breaches, with an average recovery cost of R49 million per breach, as reported by Allianz in its 2024 cybersecurity report. These breaches often stemmed from ransomware attacks, where cybercriminals encrypted sensitive data and demanded payment for its release.
Sophos’ 2024 report on ransomware revealed that the average ransom payment in South Africa was R17.9 million, with recovery costs reaching R19.44 million, excluding ransom payments. The financial impact highlights the severe challenges organizations face in recovering from such attacks.
South Africa is also among the African countries that attract the most interest from threat actors and the most listed on the dark web according to Positive Technologies.
Also read: Overview of Africa’s Cyber Threat Landscape in 2024
Major Cyberattacks in the Public Sector
1. Government Employees Pension Fund (GEPF)
In February, the Government Employees Pension Fund (GEPF) suffered a ransomware attack. Initially, GEPF claimed no data had been compromised, but this was later proven false when the ransomware group LockBit released 668GB of stolen data in March. This breach exposed the agency’s sensitive information and forced it to shut down systems temporarily as a precautionary measure.
2. Department of Public Works and Infrastructure (DPWI)
The DPWI faced multiple breaches in March, April, and November, resulting in an estimated loss of R55 million. The attacks targeted the department’s Sage financial system, which critics argue was unsuitable for government use. The system’s vulnerabilities led to significant financial losses and raised questions about the department’s decision-making.
3. National Health Laboratory Service (NHLS)
In June, the BlackSuit hacking group targeted the NHLS, stealing 1.2 terabytes of data, including patient information and third-party data. The attack forced the NHLS to shut down its IT systems, affecting email services, its website, and access to patients’ lab test results. Large portions of data, including backups, were erased, though there was no evidence that patient records had been deleted.
Also read: Kenya Recorded 114 Cyber-Attacks on Critical Infrastructure in 2024
Law Enforcement and Collaboration
Despite these challenges, efforts are underway to combat cybercrime. According to Dominic White, MD of Orange Cyberdefense South Africa, collaboration between law enforcement and cybersecurity professionals is yielding results. He emphasized that prosecuting cybercriminals can significantly reduce the frequency of attacks.
One success story was Operation Jackal, an international operation coordinated by Interpol in 2022, which targeted the Black Axe gang. The gang is linked to global financial fraud schemes. In South Africa, two high-level members were arrested, helping reduce phishing attacks and preventing potential scams. Globally, the operation resulted in 75 arrests, 49 property searches, and the recovery of millions of dollars.
In 2024, Interpol performed a similar operation in Africa and got 1,006 suspects arrested, 134,089 malicious infrastructures destroyed and to close to $ 44 million (USD) monetary value being recovered.
The proliferation of cyberattacks in South Africa highlights the importance of vigilance and collaboration in protecting digital assets.
Source: MyBroadband
About Author
