Source: IOL

Security researchers have found that phishing emails are more likely to originate from certain countries in parts of Eastern Europe, Central America, the Middle East, and Africa.

The country where emails originate and the number of countries they are routed through on the way to their final destination offer important warning signs of phishing attacks.

For the study, researchers at cloud-enabled security solutions provider Barracuda Networks teamed up with Columbia University researchers.

They examined the geolocation and network infrastructure across more than two billion emails, including 218,000 phishing emails sent in the month of January 2020.

In phishing attacks, attackers use social engineering tactics to lure victims into providing personal information such as usernames, passwords, credit card numbers, or banking information.

Thus, to detect the same, the entire focus should be on the content of phishing emails and the behaviour of attackers.

As phishing attacks become more complex, increasingly sophisticated methods are required to defend against them.

After analysing the geography of phishing emails and how they are being routed, Barracuda researchers identified that over 80 per cent of benign emails are routed through two or fewer countries, while just over 60 per cent of phishing emails are routed through two or fewer countries.

Senders that produce a higher volume of phishing emails (more than 1,000 emails in the dataset) with a higher probability of phishing originated from countries or territories including (in descending order) Lithuania, Latvia, Serbia, Ukraine, Russia, Bahamas, Puerto Rico, Colombia, Iran, Palestine and Kazakhstan, said the study.

These are some of the territories from where senders produce a higher volume of phishing emails with a higher probability of phishing.

“With phishing attacks expected to play a dominant role in the digital threat landscape and cybercriminals adjusting their tactics to bypass email gateways and spam filters, it’s crucial to have a solution that detects and protects against spear-phishing attacks, including brand impersonation, business email compromise, and email account takeover,” Murali Urs, Country Manager of Barracuda India, said in a statement.

“Deploy a solution that doesn’t rely on malicious links or attachments but uses machine learning to analyse normal communication patterns within an organisation to spot anomalies that may indicate an attack.”

Meanwhile, employees should be provided up-to-date awareness training for recognising attacks and knowing how to report them to IT right away, Barracuda Networks said.

 

By Loyiso Sidimba for IOL

The Labour Court has ordered the dismissal of an employee who refused to self-isolate and continued working despite testing positive for Covid-19.

Labour Court Judge Edwin Tlhotlhalemaje overturned the Commission for Conciliation, Mediation and Arbitration’s (CCMA) decision to hand Eskort assistant butchery manager Stuurman Mogotsi a final written warning.

Mogotsi was found guilty in the internal disciplinary process and fired in September last year.

However, after referring an unfair dismissed case at the CCMA he was handed a final written warning and reinstated.

Eskort approached the Labour Court to challenges the CCMA ruling.

The CCMA had found that Eskort’s disciplinary code and procedure called for a final written warning in such cases and failed to justify the sanction of dismissal and ruled that Mogotsi must be reinstated retrospectively, without back-pay and given a final written warning.

On March 18, Judge Tlhotlhalemaje reviewed and set aside the CCMA award and substituted the ruling with an order that Mogotsi’s dismissal was substantively fair.

Mogotsi had been found guilty of gross negligence in that after receiving his Covid-19 test results, which were positive, he had failed to self-isolate, continued working for three days and put the lives of his colleagues at risk.

In the three days he continued working after testing positive for Covid-19 he failed to follow workplace health and safety protocols and to adhere to social distancing and personally came to work to hand in a copy of his results.

Judge Tlhotlhalemaje described Mogotsi’s actions of not informing his employer about his results, hugging fellow employees, walking around his workplace without a mask as extremely irresponsible in the context of the Covid-19 pandemic, and therefore grossly negligent.

“For reasons which are clearly incomprehensible, Mogotsi had through his care-free conduct, placed everyone he had been in contact with whether at the workplace or at his residence at great risks,” reads Judge Tlhotlhalemaje’s ruling, for which he delivered reasons on March 28.

In his defence, Mogotsi claimed he did not know that he needed to self-isolate, despite being a member of the in-house Coronavirus site committee.

After testing positive Mogotsi was found hugging a fellow employee who had undergone a heart operation five years earlier and had recently experienced post-surgery complications.

”In the midst of all the monumental harm he had caused, and which was clearly foreseen, Mogotsi could only come up with the now often used defence that he was victimised. At no point did he show any form of contrition for his conduct,” Judge Tlhotlhalemaje found, adding that Mogotsi was not only grossly negligent and reckless, but also dishonest.

The judge described the facts of the case as “indeed extraordinary”.

 

Source: OFM

More than 40% of victims of ransomware attacks in South Africa pay the cybercriminals responsible to try to secure or recover their data. But in many cases, the crooks simply disappear with the money.

This is according to a new report from security firm Kaspersky, which said 42% of local ransomware victims coughed up money to recover their data.

Whether they paid or not, only 24% of victims were able to restore all their encrypted or blocked files following an attack. Sixty-one percent lost at least some files; 32% lost a significant amount; and 29% lost a small number of files. Meanwhile, 11% who did experience such an incident lost almost all their data, Kaspersky said.

According to TechCentral, Marina Titova, head of consumer product marketing at Kaspersky, said handing over money doesn’t guarantee the return of data, and only encourages cybercriminals to continue the practice. Kaspersky always recommends that those affected by ransomware should not pay as that money supports this scheme to thrive.

By Wendy Tembedza for Webber Wentzel

​​​All businesses with employees, customers and suppliers must comply with POPIA, which comes into effect on 1 July 2021. Here’s a practical guide to the most important aspects.

With the commencement date of the Protection of Personal Information Act 4 of 2013 (POPI) of 1 July 2021 fast approaching, businesses should be reviewing their use of personal information to determine if it complies with the Act. It is important to understand that any business that has employees, customers and suppliers must comply with POPI when dealing with personal information. Below are a few tips on ways businesses can kick-start their compliance exercise.

Figure out what personal information you process and why
Under POPI, a business must be able to justify why it holds personal information based on one of the several justifications set out in POPI. This is a good opportunity for a business to assess what information it collects (whether from employees, customers, services providers or other third parties such as credit bureaus) and review whether that information is actually necessary for the purposes for which it was collected. In this regard, minimality is key – business should not collect more personal information than is required. Importantly, the term “personal information” is defined very broadly to mean any information that can be used to identify an individual person or another business entity.

Get rid of what you don’t need
Under POPI, a business cannot keep a record of personal information once the reason for which it was collected no longer exists, unless required by law. For example, unless required by law, a business should not keep personal information of any former supplier when the relationship has ended. Businesses should therefore check whether they are holding onto any old records of personal information that they no longer need and dispose of them in a secure manner. It is important to note that more data means more risk and it is best to purge what is not required.

Look at security
Correct management of personal information means appropriate security must be in place to protect it. POPI requires a business to put in place “appropriate, reasonable technical and organisational measures” to prevent loss, theft or damage to personal information. The suitability of security measures will depend on the business and the type of personal information it holds.

Marketing
Opt-out marketing emails and SMSs are a thing of the past under POPI. Unless a person is an existing customer, a business cannot send him or her marketing emails or SMSes without first getting consent from the person. Any request for marketing consent must include language that is set out in Regulations to POPI. Businesses should therefore review their direct marketing practices.

Go for the easy-wins
POPI compliance may seem like a daunting task but there are some “easy wins” when it comes to compliance. ​Basic documents used by the business will likely need updating for POPI compliance. These include company privacy policies and employee and supplier contracts. All of these documents should aid the business in proving its compliance with POPI.

By Se-Anne Rall for IOL

Traffic officers will now be issued with body cameras to support them in gathering evidence and improving conviction rates for violations of traffic laws.

This is according to Transport Minister Fikile Mbalula, who announced that the Road Traffic Management Corporation will also be investing in drones which will help in identifying hazards on the road as well as help officers identify reckless drivers and those driving at high speeds.

According to a statement from the Department of Transport, the cameras will be a useful tool in dealing with high levels of bribery by providing a factual account of events.

The official launch was held today in the North West ahead of the Easter weekend when high traffic volumes are expected.

The department said the RTMC has taken a giant leap towards reinventing law enforcement by introducing a lasting solution to many law enforcement problems in the form of a body-worn camera to be used by officers.

“This use of e-enforcement will not only bring about much-needed relief to the fraternity but will also enhance road safety for all road users, especially motorists,” the statement read.

RTMC chief executive advocate Makhosini Msibi said the cameras would help to alleviate allegations of corruption.

“This should be welcomed by both road users and law enforcement. For evidence purposes, we now have footage and not hearsay evidence,” he said.

 

New app aims to hold SAPS accountable

Source: Corruption Watch

Corruption Watch (CW), in response to the many whistle-blower complaints it has received on police corruption, and inspired by its engagements with communities experiencing police violence and abuse, has launched an interactive open data tool – Veza (a colloquial term for ‘reveal’ or ‘expose’). The first of its kind in South Africa, Veza improves transparency in policing in the country, and places the power to hold the South African Police Service (SAPS) accountable in the hands of the public.

The stand-out advantage of this innovative tool is its ability to equip a wide range of people, from researchers, journalists, activists and communities to the public at large, with the knowledge and insight to demand better and more accountable policing.

The Veza tool provides information at national, provincial and district level. It features interactive maps of police corruption trends and hotspots, information relating to the public’s rights when encountering the police in various situations, and data on all 1 150 police stations across the country, such as locations, resources, budget and personnel. It also enables users to rate and review police stations based on personal experiences, to compare resources of up to four stations, to commend honest and ethical police officers, and to report incidents of corruption and police misconduct that are immediately geo-located through the tool.

“Since Corruption Watch’s inception in 2012, innovation has always been central to our approach in addressing systemic and pervasive corruption in South Africa,” says Kavisha Pillay, head of stakeholder relations and campaigns at Corruption Watch. “The launch of the Veza tool signifies a new era for Corruption Watch as we explore how transparency, big data and accessible technology can be used to combat corruption and advance broader social justice issues.”

This technological offering was made possible by CW’s selection at the end of 2018 as one of four winners of the Google Impact Challenge, which aimed to encourage local innovators to solve a social problem using technology. The support from this grant and other donors enabled the CW team to develop an idea to address the specific problem of police misconduct and abuse of power.

Veza is designed to encourage public participation in the matter of transparency in policing, while also providing access to key information about police operations. Its use will help to strengthen the role of the public and civil society in calling for change in the SAPS, and in reducing the power imbalance that exists between the SAPS and members of the public.

It also provides an opportunity for the SAPS and other government structures to embrace the concept of open data and public access to information – this will go a long way to restoring public confidence in the vital role that they play in the country. Members of the police service can themselves benefit from the use of the geo-location feature that highlights hotspots of corruption, and gain valuable insight into the allocation and use of resources of their own police stations.

The data used to populate the Veza tool was obtained directly from the SAPS through the submission of a number of applications under the Promotion of Access to Information Act. The collection and verification of data is an ongoing process, and the team is continually working to address the current gaps in information from specific provinces, districts and individual police stations by applying pressure to the necessary bodies to disclose the relevant information, which is in the public interest.

The power of the Veza tool is in the extent to which it is adopted by the public, as the more it is used and information shared, the more involved they will become in how their communities are policed and protected around the country.

By Hanno Labuschagne for MyBroadband

The Automobile Association of South Africa (AA) has lambasted renewed claims from SANRAL that the non-payment of e-tolls would result in motorists being unable to renew their vehicle licence discs.

“The South African National Roads Agency Limited’s (SANRAL) insistence at the weekend that the non-payment of e-tolls will result in motorists being unable to renew vehicle licence discs is outrageous, dishonest and irregular,” the association stated.

The AAA was responding to a report in the City Press, in which the newspaper cited a section on the SANRAL website pertaining to outstanding toll fees which had to be settled before the renewal of a vehicle licence disc:

The non-payment of toll may result in road users not being issued with their vehicle license disc, upon renewal of the vehicle license. Road users will be able to renew licences, but the disc itself will be withheld until the outstanding toll related infringements have been settled.

The AA said the inclusion on SANRAL’s website was not new, but it remains up and is referenced by SANRAL as its position on non-payment of tolls despite the fact that government still has to pronounce on the future of e-tolls in Gauteng.

“This paragraph gives the impression that the issue of e-tolls is finalised when, in fact, it is still very much in the air,” the AA said.

“By suggesting through this wording on their website – and alluding to such in interviews – that this is a done deal, SANRAL is again demonstrating how desperate it is to coerce the public into paying for something they have taken a principled stand against paying,” the AA stated.

The AA said that the resurfacing of this issue again raised questions about how SANRAL interacts with the public, apparently preferring a heavy-handed approach to one genuinely interested in resolving the issue through the proper channels.

In addition, any efforts at debt collection contradict SANRAL’s earlier position that it was suspending efforts to pursue outstanding debt until a resolution on the future of e-tolls is announced.

Pre-empting the Minister
The AA said that the way forward on e-tolls was still the subject of consultations between the AA, various organisations, and the Minister of Transport.

It was thus gravely concerned that SANRAL perpetuated misinformation about tolls and discs while the Ministry was yet to pronounce on the matter.

“A resolution to the e-toll issue, specifically that relating to the Gauteng Freeway Improvement Project (GFIP), was to be given at the end of April last year,” the AA said.

“That was postponed with the end of March this year now being tabled as the date on which an announcement regarding the future of e-tolls will be made,” the AA stated.

The AA said it appeared that SANRAL was attempting to pre-empt any announcement by the Minister on his decision regarding the future of e-tolls, and impose its own regulations on the public, completely ignoring the other process.

According to the Association, research provided by the Ministry of Transport conducted among Gauteng motorists found that “no amount of cajoling or threats of legal action would convince the more than 80% of non-payers to change their minds”.

“The evidence is quite clear and irrefutable: motorists have taken a principled stand against e-tolls, and they simply won’t pay outstanding, current or future fees. They have wholly rejected e-tolls and will not participate in any collection scheme,” the Association said.

The AA repeated its previous calls to SANRAL to adopt a more consultative, approachable stance towards motorists in Gauteng, rather than attempt to bully them into compliance.

“Letters of demand, ultimatums, pronouncements out of turn, and other legal threats such as listing at credit agencies are alienating the public; their actions are arrogant, misguided, and unfortunate, and will not solve any problems,” the Association said.

 

Source: News24

A group of heavily armed robbers attacked a DSV courier van outside MTN’s head office in Johannesburg.

The incident happened on Friday when the vehicle arrived at the security boom outside the entrance to the office complex, Mthokozisi Ndlovu, public relations manager at MTN, told News24.

“Two cars, a silver BMW and a white double-cab, arrived while the courier van was being granted access. They opened the doors and started telling everyone to get down,” Ndlovu said.

DSV had employed additional security to escort the van to its destination. In CCTV footage of the incident, a white car, with security personnel, can be seen following the delivery vehicle.

The perpetrators opened fire on the escort car, wounding three DSV security guards, Ndlovu said.

In a statement, MTN said the three guards survived and are recovering.

The telecommunications company is also providing trauma counselling to the employees present during the incident.

Ndlovu said the boxes of handsets were unloaded from the courier van into the double-cab bakkie.

The value of the items was not disclosed.

“This is the first incident this year. We had issues with security in 2017 and 2018, but since then we have seen a decrease,” he told News24.

By Theto Mahlakoana for EWN

The Competition Commission said that two companies partnered to overcharge the police by over R14-million when supplying it with 10 000 units of 25-litre hand sanitisers.

In its opening remarks at the competition tribunal hearing underway virtually, the entity’s Maya Swart further claimed that the companies – Bluecollar Occupational Health and Ateltico Investments – gained excessive profits by adding a gross profit margin of 54%.

This was one of several cases which were before the commission over COVID-19 excessive pricing.

Swart said that Bluecollar’s massive overcharge was not even comparable to the Dis-Chem price gouging matter which was heard last year.

READ: Dis-Chem found guilty of contravening Competition Act over face mask prices

The company – described by its lawyers as a small business which had no prior experience in dealing with hand sanitisers – is accused of charging the police excessive prices for bulk sanitisers between March and April of last year.

The commission claims that Ateltico funded Bluecollar for the procurement of the sanitisers with a view of splitting the profits 60/40.

Swart explains: “That’s an overcharge of R1,433.69 per unit. That’s a massive overcharge when you compare it to other price gouging cases.”

The companies have disputed the commission’s version of events, saying that the prices included transportation among other costs.

 

Spy pixels in e-mails have become endemic

By Leo Kelion for BBC

The use of “invisible” tracking tech in e-mails is now “endemic”, according to a messaging service that analysed its traffic at the BBC’s request.

Hey’s review indicated that two-thirds of emails sent to its users’ personal accounts contained a “spy pixel”, even after excluding for spam.

Its makers said that many of the largest brands used email pixels, with the exception of the “big tech” firms.

Defenders of the trackers say they are a commonplace marketing tactic.

And several of the companies involved noted their use of such tech was mentioned within their wider privacy policies.

Emails pixels can be used to log:

  • If and when an email is opened
  • How many times it is opened
  • What device or devices are involved
  • The user’s rough physical location, deduced from their internet protocol (IP) address – in some cases making it possible to see the street the recipient is on
  • This information can then be used to determine the impact of a specific email campaign, as well as to feed into more detailed customer profiles.

Hey’s co-founder David Heinemeier Hansson says they amount to a “grotesque invasion of privacy”.

Without special software, it is not easy to spot which emails contain a tracking pixel.
And other experts have also questioned whether companies are being as transparent as required under law about their use.

Invisible beacons
Tracking pixels are typically a .GIF or .PNG file that is as small as 1×1 pixels, which is inserted into the header, footer or body of an email.

Since they often show the colour of the content below, they can be impossible to spot with the naked eye even if you know where to look.

Recipients do not need to click on a link or do anything to activate them beyond open an email they are embedded in.

British Airways, TalkTalk, Vodafone, Sainsbury’s, Tesco, HSBC, Marks & Spencer, Asos and Unilever are among UK brands Hey detected to be using them.

But their use was much more widespread despite many members of the public being unaware of it, said Hansson.

“It’s not like there’s a flag saying ‘this email includes a spy pixel’ in most email software,” he added.

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top