Source: Jacaranda FM

The Hawks in Gauteng have arrested a second person in connection with a Cell C tender scam worth an estimated R130-million.

Gauteng Hawks spokesperson Ndivhuwo Mulamu says 39-year-old Adriraan Pillay was arrested in Germiston on Friday.

“It is alleged that Pillay and his co-accused, Ismail Adanjee Mohamed, 44-years-old, were both Information Technology (IT) executives at one of the well-known South African mobile network service providers.

“They allegedly colluded with a director of a contracted entity responsible for IT and network service provider, falsely inflated invoices which resulted in an actual loss of over R130 million from 2012 to 2019,” she said.

Adamjee was released on R50 000 bail by the Johannesburg Specialised Crimes Court last month.

Pillay appeared in the Palm Ridge Specialised Commercial Crime Court on Monday where he was also granted R50 000 bail.

Mulamu said the case has been postponed to 14 April 2021, when he will join his co-accused, Mohamed.

 

Source: CNBC Africa

South Africa’s Nedbank denied any wrongdoing on Monday after three local news sites reported on its links to a scandal that led to large losses at public entities, sending the bank’s shares down almost 9%.

Investigative outlet amaBhungane, the Daily Maverick and News24 said Nedbank paid billions in rand in fees to a company called Regiments Capital for involving it in deals that lost money for municipalities and state-owned companies.

The article published by the three news sites said the commissions were often not disclosed to clients Regiments was supposed to be advising impartially and that Nedbank knew or should have known this, among other allegations.

In a statement responding to the article, Nedbank said there was nothing unlawful or unusual about its relationship with Regiments, although with hindsight it might have acted differently.

“Our internal and external reviews confirmed that Nedbank has at no time acted unlawfully in its dealings with Regiments and the affected counterparties,” Nedbank said.

An email to the address on Regiments’ website seeking comment bounced back, while a call to the number on its website went to the voice mail of another firm. Reuters could not immediately reach any legal representatives for Regiments.

Nedbank shares closed down 8.87% versus a 1.9% decline for the South African banking index.

4m African web addresses have been stolen

Source: Business Insider SA

More than four million IP addresses have been misappropriated in what has been called Africa’s greatest internet heist. The extent of the theft, which first drew red flags back in 2016, has now been fully uncovered, revealing a trail of corruption, coverups, and a burgeoning black-market trade.

The results of an internal audit undertaken by the African Network Information Centre (AFRINIC) have finally been made public after almost two years of waiting. AFRINIC, which is responsible for the allocation and management of IP addresses on the continent, began its investigation after being contacted by the United States’ Federal Investigation Bureau (FBI) in 2019.

Four years before the FBI drew attention to the numerous anomalies – and the Supreme Court of Mauritius, where it is headquartered, served AFRINIC with an order to investigate – the information centre was tipped off by internet investigator Ron Guilmette.

Guilmette’s collaboration with local tech publication, MyBroadband, resulted in a report which implicated AFRINIC co-founder and engineer Ernest Byaruhanga as the mastermind behind the heist.

In total, 4.1 million IP addresses were stolen, 2.3 million from AFRINIC’s “free pool” and a further 1.7 million “legacy” IP addresses. They were worth around R1.3 billion, according to MyBroadband.

An IP, or Internet Protocol, address allows devices to communicate with each other, by assigning a unique number to each device.

The current generation IPv4 addresses are, however, in seriously short supply. This shortage has, in turn, made IP addresses valuable.

AFRINIC tracks and manages IP addresses through the WHOIS system, which, as the title describes, records who or what is using a specific address. As part of its latest report on the theft, AFRINIC admits that its WHOIS database was severely compromised by internal staff who “acted in collusion with other third parties”.

IPv4 addresses, which were already reserved and in use by major organisations, were effectively hijacked and sold. These reappropriated IP addresses were used to forward spam, breach data records, and compromise websites.

Dozens of South African-based companies and organisations were impacted.

The Free State Department of Education and Anglo American both lost IP addresses to the value of almost R20 million, while the now-defunct Infoplan, which previously managed the Department of Defence’s information systems, was the worst hit, losing addresses worth approximately R80 million.

Three whole IP blocks, equating to almost 200,000 individual addresses, belonging to Woolworths were misappropriated. MyBroadband estimates the value of these stolen addresses to exceed R58 million.

Similarly, three IP blocks belonging to Nedbank – historically associated with Cape of Good Hope Bank Limited, Syfrets, and NBS Bank – were also part of the heist.

Other major South African organisations which had their IP addresses misappropriated include Nampak, Sasol, the City of Cape Town’s Directorate of Information Services, Transnet, and Independent Media’s Argus Holdings.

Approximately 1.5 million IP addresses have been reversed or reclaimed as part of AFRINIC’s audit. Most other addresses are still pending, as the result of a review process determining rightful custodianship.

 

By Simnikiwe Mzekandaba for ITWeb

Some cyber security experts say the South African Revenue Service’s (SARS’s) decision to introduce a Web browser that supports defunct Adobe Flash Player has “severe” cyber security implications.

Citizens have also taken to social media to express their dismay at the revenue service’s decision to roll out a browser that enables Flash Player.

This week, SARS announced the release of an alternate SARS browser solution, as it tries to deal with the aftermath of the delay in migrating all eFiling forms from Adobe Flash to its chosen HTML5 platform.

In its statement, the tax collecting agency says taxpayers will be able to complete and submit the Flash-based forms not migrated to HTML5, in the interim, while it completes the migration.

“The SARS browser enables access to all eFiling forms, including those that require Adobe Flash, thus maintaining compliance with your filing obligations.”

SARS adds that existing Web browsers such as Chrome and Edge will continue to work for all forms already migrated.

Desperate measures
Even though software company Adobe announced in July 2017 that it will stop supporting Flash Player post 31 December 2020, SARS has been behind in completing the migration process.

As a result of the disruption caused by the migration holdup, last week the taxman said it would implement some remedial actions to assist taxpayers still experiencing issues.

At the time, the taxman didn’t point to a SARS browser among its list of solutions to deal with the disruption caused by the discontinuation of Adobe Flash, but has now indicated its availability.

Cyber security and small business expert Hennie Ferreira says SARS is obviously desperate for a solution; however, the current solution is not safe.

“Flash Player is no longer a secure technology and any solution that involves using Flash Player is not secure. I think SARS is making the matter worse by putting taxpayers at risk by using unsafe technologies.”

Ferreira highlights the only solution around the Flash Player issues is to not use it at all. “SARS should process all requests via e-mail and their call centres manually until they have fixed the eFiling system.”

SARS notes the browser is currently compatible with Windows devices only, a move that Ferreira says still excludes the thousands of Mac and Linux users.

Jason Jordaan, principal forensic analyst at digital forensics firm DFIR Labs, comments that it was not a good decision on the part of SARS to release a “new” browser, adding that it just contributes to confusion on the part of the end-user.

“The bottom line is that SARS had well over three years to migrate from Flash and they simply did not get it done in time. They had certainly been working on it as a lot of functionality was no longer dependent on Flash.

“SARS clearly had the capability to transition away from Flash, and had demonstrated that they could do so successfully. My concern is that deploying a new browser instead of simply fixing the problem (that they were aware of), on time, is an ineffective use of resources, at a time when all of us in the country are expected to tighten our belts.”

Unnecessary risk
SARS says its browser cannot be used for general Internet surfing, as it deploys as a separate application and can only be used to access the SARS eFiling Web site and SARS corporate Web site.

Ferreira emphasises that the security implications are severe. “It places every taxpayer, who still needs Flash Player to use the browser, at risk of cyber attacks. Adobe recommended to remove Flash Player completely or to uninstall it as it is insecure and will open computers up to cyber attacks.

“The second problem is that it also places the entire eFiling system at risk and makes the entire system vulnerable by using outdated and insecure technologies.

“The risks are not only on the forms that use Flash Player, but also creates the possibility for hackers to use Flash Player’s vulnerabilities to penetrate SARS’s systems and pivot further attacks from there.”

Jordaan notes that using a product that is no longer supported carries risks. “The browser that SARS has released is a Chromium-based browser, and while the latest Chromium build has Flash support removed, it is possible to still enable Flash to run.”

Compliance considerations
Ferreira stresses that the situation is a national embarrassment for SARS as it was well aware of the discontinuation of Flash Player.

“This is not acceptable and it clearly demonstrates the incompetence from SARS’s IT department to act in this way and ignore cyber security norms and standards and put their own systems and taxpayers’ systems at risk.

“Businesses in South Africa, under the POPI Act, are obliged to implement cyber security protocols by law or face serious consequences. By being forced to use insecure technologies by SARS, this means they are not POPI-compliant as there is a well-known vulnerability that is not being addressed and can place all personal information that they process at risk.

“There is a very good reason why all major browsers stopped supporting Flash Player and removed it from their software. Flash Player is a security risk. SARS is doing the opposite by providing a browser that continues to use Flash Player, despite Adobe clearly instructing everyone not to do so. Google Chrome, Mozilla Firefox, Microsoft Edge, Apple Safari, Opera Browser, and pretty much any other safe browser, discontinued its support for Flash Player.”

 

Source: ITWeb

In 2020, Kaspersky detected a global average of 360 000 new malicious files each day, an increase of 5.2%, or 18 000 more, compared to the year before.

According to the security giant, this was influenced largely by a significant growth in the number of Trojans and backdoors, with a 40.5% and 23% increase respectively.

These were the findings of the Kaspersky Security Bulletin: Statistics of the Year Report.

Adware declines
On the plus side, adware is on the decline globally, and this scourge experienced a 35% decrease when compared to the previous year. However, not all regions were so lucky, with some noting an increase. In SA, for example, by the end of October last year, the average adware notifications per user increased slightly to over 33 in comparison to 32 for the whole of 2019.

It was also expected that for the duration of 2020, more than 256 000 South Africans would have been hit with adware.

The vast majority of malware detected, nearly 90%, occurred via Windows PE files – a file format specific to Windows operating systems. Concurrently, the number of new malware related to Android operating systems dropped by 13.7%.

Capitalising on remote workers
Given that remote working and studying were the order of the day during the pandemic, most likely on computers and laptops, threat actors seem to have shifted their focus to these devices.

Kaspersky saw a 27% increase in the number of different scripts sent via malicious e-mail campaigns or encountered on infected Web sites, which could, once again, reflect the fact that people spent more time on the Internet and cyber criminals hoped to capitalise on that.

Denis Staforkin, a security expert at Kaspersky, said the rise in the number of malicious objects detected during 2020 can be attributed to the pandemic, as users across the globe were forced to spend more time on their devices and online.

“It’s hard to know whether or not attackers were more active or our solutions detected more malicious files simply because of greater activity. It could be a combination of both. Either way, we have registered a noticeable increase in the number of new malicious files in 2020, and this will most likely continue in 2021 as employees continue to work from home and countries implement different restrictions. However, if users take basic security precautions, they can significantly lower their risk of encountering them,” he says.

Better than cure
To stay protected, Kaspersky recommends that users watch for, and do not open, suspicious files or attachments received from unknown sources. The company also advises users to double-check the URL format and company name spelling before downloading anything, not to download and install applications from untrusted sources, and not to click on links received from unknown sources or on suspicious online advertisements.

“Create strong and unique passwords, including a mix of lower-case and upper-case letters, numbers and punctuation, and activate two-factor authentication. Also, always install updates. Some of them may contain critical security issues fixes.”

Finally, Kaspersky counsels users to ignore messages asking them to disable security systems for office software or antivirus software, and to always use a robust security solution appropriate to the system type and devices.

 

By Johan Scheepers, country head at Commvault South Africa

The Covid-19 pandemic forced many businesses to swiftly adapt to a digital world. Working from home is set to become the ‘new normal’ for many workers who previously went into a corporate office environment. But protecting businesses from the effects of the pandemic goes beyond simply keeping employees safe and healthy. In addition to driving a growing Work From Home (WFH) movement, the rapid digital shift also sent cybercrime into overdrive. Businesses that do not prioritise data management in this digital world place themselves at a serious risk of security and compliance issues.

Data governance has not changed

Although the physical boundaries of many organisations have shifted to include a remote workforce, the policies around data governance and data protection have not changed. In fact, it is important to be more vigilant than ever, and actively work to extend these policies and processes to the edge.

WFH makes data more vulnerable, because of the many new toolsets it introduces as well as the potential for data to be stored in unsanctioned locations and on unsecured devices. Collaboration tools by their nature require the sharing of data, which can create a sensitive data risk if these tools are not brought into the data management strategy. Remote workers may also be saving sensitive files on the endpoint devices, which further complicates data governance. Endpoints are one of the biggest data risks, especially when it comes to highly targeted spear phishing attacks.

Access and permissions need to be managed

WFH highlights the risk of data access and permission – for example, a person may download a file, and then email it to their personal account, save it on their laptop and then send it to colleagues for comment. This generates multiple versions of files that may contain sensitive information. In turn, this not only creates additional vulnerabilities, but makes compliance with the Protection of Personal Information Act (PoPIA) and other data protection legislation like the General Data Protection Regulation (GDPR) practically impossible.

Organisations need to be able to identify sensitive data as well as whether or not employees actually need to be able to access it. It is also important to put policies in place around what can be done with the data if it is permissible to access it. Should employees be able to download it? Where should they be able to save it? How should they be permitted to share it? This is crucial for governance as well as compliance purposes.

On the hotlist

Security and compliance are always essential, but even more so in the current climate. South Africa is a hot target at present, and many large organisations have been hit with ransomware in recent times. Security is obviously paramount, but alongside it is the need to educate users about security risks. An organisation’s network is like an egg – the shell is tough, but once it is penetrated the insides are an easy target. The WFH movement has simply increased the attack surface, or the soft part of the egg, and bad actors are using this to their benefit to speed up ransomware attacks.

Compliance regulations enforce the protection of company data by law, but the reality is that data management is necessary and even beneficial, even without the risk of fines and reputational damage. Data protection itself has come a long way over the years and is now offered as a service that runs seamlessly in the background, so it is not an invasive practice. This needs to be combined with a single, cohesive view of data across the organisation, to improve efficiency and mitigate risk.

At the edge

The edge is the most vulnerable point of any network, and with the edge now extended into homes and remote offices, data management is key. This multi-cloud hybrid environment means that data is scattered across locations, so a proper toolset to provide a single view of risk is paramount. If you cannot see your data, you cannot manage it. It is essential to identify data, understand where you are at risk and what your exposure is, and know how to apply regulations to ensure adherence and compliance. Preventing the pandemic from affecting your business is about more than social distance – you need to look after your data as well.

 

Source: MyBroadband

The person behind the recent Absa data breach was a credit analyst at the bank who had access to risk modelling systems and sensitive client information.

The employee, who Absa said they trusted, leaked the client data to an external platform and then sold it to third parties.

This is feedback from Absa chief security officer Sandro Bucchianeri, who was speaking to ENCA about the data breach.

Bucchianeri first learned about the data breach on 27 October, after which they informed the Information Regulator about it.

Around a month after first being alerted to the data breach, Absa sent an email to affected clients warning them that their personal information had been shared with third parties.

He said the communication with customers was delayed to ensure they did not compromise the investigation, which was going through a court process at the time.

To date, Absa has not provided much detail about the number of clients affected and the person behind the leak, but Bucchianeri has now shed more light on the issue.

He said the Absa credit analyst sold private information about their retail banking clients to third parties.

While Bucchianeri could not divulge who these third parties were, he said they were from a “marketing type perspective who were looking for that type of information”.

“They may use the information to sell services or try to commit fraud on these accounts,” he said.

This employee has subsequently been suspended pending further information. Absa has also brought criminal charges against the employee, and these are playing out in the courts now.

Bucchianeri said the information which was leaked included bank account numbers, names and surnames, ID numbers, and contact details.

He added that the details of around 200,000 of their retail banking customers have been compromised.

Absa has now destroyed the leaked data and the external party devices have gone through an independent forensic review.

“We are in the process now to obtain the files for our own investigation,” said Bucchianeri.

He said Absa may also bring charges against the third parties who had access to the leaked data.

Following the data breach, Absa has implemented heightened monitoring on the accounts of all clients whose data was leaked.

 

 

Absa suffers data breach

By Dhivana Rajgopaul for IOL

Absa has laid criminal charges against the employee behind the data breach that resulted in clients’ personal information being leaked to third parties.

“Absa has brought criminal charges against the employee, and internally the requisite consequence management has been undertaken. Absa may take further action in relation to the recipients of the data once the full scope of the leak is identified and all investigations are completed,” said the bank in a statement.

According to the bank, an employee unlawfully made customer data available to external parties.

Absa warned the affected clients through an email on November 30 which informed them their personal information had been shared with external parties.

Absa said a “small portion” of clients’ personal information was leaked, but investigations would continue.

The personal information of clients that was shared with third parties includes identity numbers, account numbers, contact details and physical address.

The bank also secured an order from the High Court to carry out search and seizure operations and secured the devices that contained the data.

According to Absa, the data on the devices was destroyed.

The bank said it would contact customers who were affected by the data breach about potentially suspicious transactions.

It has also enhanced the monitoring of customer accounts that have been affected to date as well as put in place additional control measures to minimise the risk of re-occurrence in future.

 

Source: Telecom Paper

Vodacom South Africa says it has spent R1-billion on batteries over the last six months to ensure its network stayed up during loadshedding, MyBroadband reported.

Vodacom CEO Shameel Joosub said the power outages this year forced the operator to increase its back-up power investment.

South Africa suffered the worst ever load-shedding in 2020, with total gigawatt-hours shed surpassing the 2019 record in August. In September, the cumulative load-shedding for 2020 was already 23% worse than the whole of 2019.

To create a robust mobile network, Vodacom directed 20 percent of its R5-billion capital expenditure over the last six months towards back-up power.

To buy and install new batteries at mobile sites is only part of the challenge as criminals are wrecking mobile networks to get their hands on the batteries, which are then sold on the black market.

Joosub said Vodacom is losing around R150-million per year because of battery theft, which is an ongoing battle.

 

By Ben Gilbert for Business Insider US

As the coronavirus pandemic continues around the world, some people are turning to an emerging black market for fake negative test results.

In France, at Paris’ Charles de Gaulle Airport in September, a group of seven people were arrested for selling falsified digital certificates intended to prove negative coronavirus results, the AP reported last week. The group was discovered following an investigation sparked by a traveler leaving France for Ethiopia. The traveler reportedly had a fake digital certificate that claimed they tested negative for the virus.

The group in Paris was reportedly selling the fake test results for $180 (R2,800) to $360 (R5,600) apiece.

In another case, in late October, a group of travelers in Brazil was found with falsified negative test results in an attempt to enter the Fernando de Noronha island group, the AP reported.

Rather than buying fake test results, the group is accused of altering their own results.

In yet another case, in the UK, several gentlemen told The Lancashire Telegraph that they had doctored the results of friends’ tests in order to travel. “You can simply get their negative test and change the name and birth date to your own. You also put a test date on which is within the time limit required,” the unnamed man said. “You download the email, change it and then print it.”

Coronavirus diagnoses and deaths continue to climb around the world, and the pandemic has seen a resurgence in recent months in North America and Europe, according to the World Health Organisation. As of November 12, the virus has killed more than 1.2 million people and infected over 51 million people around the globe.

 


My Office News Ⓒ 2017 - Designed by A Collective

