TransUnion hacked and held to ransom

Source: Fin24

Credit bureau TransUnion has been hacked and has received a demand for ransom, it said in a statement.

The hackers, who described themselves as a “criminal third party”, gained access to the bureau’s server by misusing an authorised client’s credentials, according to the statement.

“We have received an extortion demand and it will not be paid,” TransUnion said.

The Southern African Fraud Prevention Service (SAFPS) said it appears that TransUnion is battling to retrieve the compromised data from the hackers. TransUnion has not yet confirmed or denied this directly to Fin24.

But the company said it is working with law enforcement and regulators. Its investigation is ongoing, and as it progresses, TransUnion SA will notify and assist those whose personal data may have been affected.

According to TransUnion, it immediately suspended the compromised client’s access, engaged cybersecurity and forensic experts, and began investigating. It is working with law enforcement, it said.

It also took some of its services offline, but these have since resumed.

“We believe the incident impacted an isolated server holding limited data from our South African business. We are working with law enforcement and regulators,” it said.

“We are engaging clients in South Africa about this incident. As our investigation progresses, we will notify and assist individuals whose personal data may have been affected.

“We will be making identity protection products available to impacted consumers free of charge,” TransUnion added.

CEO Lee Naik added that protecting client data was TransUnion’s “top priority”.

“We understand that situations like this can be unsettling and TransUnion South Africa remains committed to assisting anyone whose information may have been affected,” said Naik.

Technology site ITWeb earlier reported that the hacker group was going by the name N4aughtysecTU and claimed to come from Brazil. Speaking to ITWeb via Telegram, the hacker group reportedly said it had 4 terabytes of client information and had accessed some 54 million records, including data from over 200 corporates.

The group allegedly threatened to attack TransUnion’s corporate clients if the bureau didn’t cough up. According to ITWeb it wants $15 million (~R223 million) in Bitcoin.

Rising data breach incidents in SA

SAFPS CEO Manie van Schalkwyk said records of 54 million South Africans might have been compromised.

“This alarming news is further indication that every company that holds personal information is a potential target. The consumer desperately needs an extra layer of protection on their identity against criminals who will turn their lives upside down without a second thought,” said SAFPS CEO Manie van Schalkwyk.

SAFPS said cyberattacks and data breaches targeting SA companies have escalated over the past two years.

In 2020, another credit bureau, Experian, suffered a data breach, which potentially exposed the information of 24 million South Africans. In 2021, Debt-IN Consultants, a debt recovery partner to many South African financial services institutions, got a ransomware attack. It is estimated that the personal information of more than 1.4 million South Africans was illegally accessed from its servers.

Banks have not been spared either. Absa announced a data leak in November 2020, and it has been identifying more impacted customers this year, almost a year-and-a-half after the incident. Standard Bank also identified a data breach on its LookSee platform in November last year.

“Data breaches have been on the rise globally, and South Africa has seen unprecedented increases in the number of cyber victims,” said Dalene Deale, the executive head of Secure Citizen, which was created through a collaboration with SAFPS and OneVault to identity theft following online fraud.

Deale said this increase in data breaches means that fraudsters are now armed with more of the correct information, enabling them to impersonate individuals.

SAFPS said when records of more than 20 million consumers were compromised at another credit bureau – possibly Experian – it saw impersonation rise by more than 300%.

SAP ordered to repay more than R413m

By Jeanette Chabalala for News24

Two multimillion-rand software and support contracts between the Department of Water and Sanitation (DWS) and global giant SAP have been set aside.

On Tuesday, the Special Tribunal declared the contracts, which were signed in 2015 and 2016 respectively, “constitutionally invalid” and set them aside.

Judge Lebogang Modiba ordered the DWS not to use any of the software licences under the agreements.

She ordered SAP to pay the DWS R413 121 283.40 in respect of both contracts.

She added that within five court days of the date of the order, SAP has to pay the department R263-million.

In September 2018, a proclamation was published for the Special Investigating Unit (SIU) to probe allegations that the purchase of the SAP licences for more than R500 million was not necessary and they were procured without the correct tender process being followed.

There were also allegations that R35 million in kickbacks were paid after the DWS procured the SAP service on 26 July 2016.

The SIU began work in September 2018 and immediately “uplifted” computers and documentation from the department.

The unit found that the contract value was approximately R950 million, excluding value-added tax (VAT), consisting of R450 million for the SAP licence fees, plus maintenance over five years.

It also found that no needs analysis was conducted and that there was no budget for the purchase of the SAP licences.

There was also no “virement” or approval of the payments to SAP.

The State Information Technology Agency (SITA) was not consulted and, in fact, SITA had advised the department against proceeding with the contract, News24 previously reported.

The SIU also found evidence that the 2015 agreement with SAP was irregular and ought to have been set aside.

The unit said it made “disciplinary referrals” to the department against two senior officials.

“The SIU was informed that [a disciplinary hearing] against one senior official has been concluded and judgment is expected within this week, while the DWS is considering disciplinary action against the other official. The SIU has also referred evidence pointing towards criminality to the NPA (National Prosecuting Authority), AFU (Asset Forfeiture Unit) and SARS. The referrals are in line with the SIU Act 74 of 1996,” it said in a statement on Wednesday.


Source: Bloomberg

Samsung Electronics Co. suffered a cybersecurity breach that exposed internal company data, including source code for the operation of its Galaxy smartphones, the company said.

The statement came after a claim over the weekend that LAPSUS$, a hacking group that stole proprietary information from Nvidia Corp.’s networks, had gained access to Samsung data.

The Korean electronics giant did not identify the attackers who compromised its systems. Measures to prevent further breaches have been put in place, a spokesperson said via text message, and customers’ personal data was not affected.

“There was a security breach relating to certain internal company data,” Samsung said. “According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees.”

“Currently, we do not anticipate any impact to our business or customers. We have implemented measures to prevent further such incidents and will continue to serve our customers without disruption.”

The LAPSUS$ hackers posted a 190GB torrent file to their Telegram channel late Friday, claiming it contained confidential Samsung source code that exposed the company’s device security systems.

Among the items listed were algorithms for Samsung smartphone biometric authentication and bootloader source code to bypass some operating system controls.


Source: CNBC

As Russia steps up its cyberattacks on Ukraine alongside a military invasion, governments on both sides of the Atlantic are worried the situation could spill over into other countries, becoming an all-out cyberwar.

Russia has been blamed for a number of cyberattacks targeting Ukraine’s government and banking system in recent weeks.

On Thursday, cybersecurity firm ESET said it had discovered new “wiper” malware targeting Ukrainian organisations. Such software aims to erase data from the systems it targets.

A day earlier, the websites of several Ukrainian government departments and banks were knocked offline by a distributed denial of service (DDoS) attack, which is when hackers overwhelm a website with traffic until it crashes.

It comes after a separate attack last week took down four Ukrainian government websites, which U.S. and U.K. officials attributed to the GRU, the Russian military intelligence agency.

Ukrainian residents also reportedly received fake text messages saying ATMs in the country did not work, which cybersecurity experts say was likely a scare tactic.

For its part, Russia says it “has never conducted and does not conduct any ‘malicious’ operations in cyberspace.”

The onslaught of attacks has led to fears of a wider digital conflict, with Western governments bracing for cyberthreats from Russia — and considering how to respond.

Officials in both the U.S. and Britain are warning businesses to be alert to suspicious activity from Russia on their networks. Meanwhile, Estonian Prime Minister Kaja Kallas on Thursday said European nations should be “aware of the cybersecurity situation in their countries.”

NBC News reported Thursday that President Joe Biden has been presented with options for the U.S. to carry out cyberattacks on Russia to disrupt internet connectivity and shut off its electricity. A White House spokesperson pushed back on the report, however, saying it was “wildly off base.”

Nevertheless, cybersecurity researchers say an online conflict between Russia and the West is indeed a possibility — though the severity of any such event may be limited.

“I think it’s very possible, but I think it’s also important that we reflect on the reality of cyberwar,” John Hultquist, vice president of intelligence analysis at Mandiant, told CNBC.

“It’s easy to hear that term and compare it to real war. But the reality is, most of the cyberattacks we’ve seen have been nonviolent, and largely reversible.”

Toby Lewis, head of threat analysis at Darktrace, said the attacks have so far been largely focused on supporting Russia’s physical invasion of Ukraine.

“It is the physical land and territory that Russia appears to seek rather than economic leverage, for which a cyber-first campaign may be more effective,” he told CNBC.

However, researchers at Symantec said the wiper malware detected in Ukraine also affected Ukrainian government contractors in Latvia and Lithuania, hinting at a potential “spillover” of Russia’s cyberwarfare tactics into other countries.

“This likely shows the beginning of the collateral impact of this cyber-conflict on global supply chains, and there may begin to be some effect on other Western countries that rely on some of the same contractors and service providers,” Lewis said.

Several European Union countries, including Lithuania, Croatia and Poland, are offering Ukraine support with the launch of a cyber rapid-response team.

“We have long theorized that cyberattacks are going to be part of any nation-state’s arsenal and I think what we’re witnessing for the first time frankly in human history is cyberattacks have become the weapon of first strike,” Hitesh Sheth, CEO of Vectra AI, told CNBC’s “Squawk Box Asia” on Friday.

Sheth suggested Russia could launch retaliatory cyberattacks in response to Western sanctions announced earlier this week.

“I would fully expect that, given what we are witnessing with Russia overtly attacking Ukraine with cyberattacks, that they would have covert channels as a way to attack institutions that are being deployed to curtail them in the financial community,” he said.

What happens next?

Russia has long been accused by governments and cybersecurity researchers of perpetrating cyberattacks and misinformation campaigns in an effort to disrupt economies and undermine democracy.

Now, experts say Russia could launch more sophisticated forms of cyberattacks, targeting Ukraine, and possibly other countries, too.

In 2017, an infamous malware known as NotPetya infected computers across the world. It initially targeted Ukrainian organisations but soon spread globally, affecting major corporations such as Maersk, WPP and Merck. The attacks were blamed on Sandworm, the hacking unit of GRU, and caused upward of $10 billion in total damage.

“If they actually focus these types of activity against the West, that could have very real economic consequences,” Hultquist told CNBC.

“The other piece that we’re concerned about is that they go after critical infrastructure.”

Russia has been digging at infrastructure in Western countries like the U.S., U.K. and Germany “for a very long time,” and has been “caught in the act” multiple times, Hultquist said.

“The concern, though, is we’ve never seen them pull the trigger,” Hultquist added. “The thinking has always been that they were preparing for contingency.”

“The question now is, is this the contingency that they have been preparing for? Is this the threshold that they’ve been waiting for to start carrying out disruptions? We’re obviously concerned that this could be it.”

Last year, Colonial Pipeline, a U.S. oil pipeline system, was hit by a ransomware attack that took critical energy infrastructure offline. The Biden administration says it doesn’t believe Moscow was behind the attack. DarkSide, the hacking group responsible, was believed to have been based in Russia.


Blue Label Telecoms uncovers massive fraud

Source: MyBroadband

Blue Label Telecoms has uncovered a large fraudulent scheme, operating since 2015, perpetrated by two former senior executives of a subsidiary company.

The fraudulent transactions were performed primarily outside the course and scope of the subsidiary’s field of commercial dealings.

The senior executives interposed themselves between intermediary companies and the subsidiary for their own benefit.

Blue Label identified transactions that amounted to a theft of funds from the subsidiary, which the executives tried to conceal.

The company signed settlement agreements with the executives in late October 2021, where most of the assets of the executives were signed over to Blue Label.

The value of these assets as of 31 October 2021 amounted to R315 million, which indicates the scale of the fraud.

“Subsequent to the fraud investigation and detailed review of the control environment and business processes within the subsidiary, management has implemented the necessary improvements relating to the existing control environment,” Blue Label said.

The company now holds Powers of Attorney over the assets of these executives. They are listed in the table below.

Commenting on the “immovable properties”, Blue Label said it is not its intention to acquire legal title to the properties or keep the rights long term.

It is, therefore, actively marketing these properties and expects to sell them all within the next twelve months.

All the money found to be held in the bank accounts of the perpetrators has been transferred to Blue Label’s bank accounts.

As of 30 November 2021, properties to the value of R8.5 million have been sold.


By Malibongwe Dayimani for News24

Walter Sisulu University (WSU) student Sibongile Mani was found guilty of theft in connection with R14-million accidentally credited to her account by the National Student Financial Aid Scheme (NSFAS) in 2017.

The East London Regional Court’s magistrate, Twanette Olivier, on Monday found Mani guilty of stealing R818 000 of the funds.

The court dismissed Mani’s version that she had no intention to deprive NSFAS of its money and that she had no knowledge of the specification of the loan agreement she had with NSFAS.

She was only entitled to a R1 400 food allowance and was accused of failing to report when R14-million was instead credited to her erroneously. She chose to embark on a spending spree.

Addressing Mani, Olivier said: “These actions speak of someone whom the court finds knows the system, how it is implemented and most specifically how it may be bypassed.

“It [the theft] was well-orchestrated. Your actions do not speak of a person who lacks knowledge. The evidence of each witness was clear and direct. Each witness testified on the certain aspect of the process followed by WSU, NSFAS and Intellimali per duties and tasks. Witness testimonies were further collaborated by documented evidence which was placed on record in detail.”

Olivier said she found the testimonies by State witnesses truthful and honest, and that the State’s version was reliable.

“The court finds that the accused’s version of events, in so far as it differs from that of State witnesses, to be unsatisfactory and false.

“No other inference can be drawn by the court, other than that the accused knew very well that her actions were unlawful, and the only other inference to be drawn is that she had the required intent to commit theft as required when applying the subjective test.

“This is said with reference to how she [Mani] managed to plan and orchestrate her unlawful actions with regards to times, places amounts and cities. Her actions do not reflect those of a person acting without intentions.

“Therefore, based on the above, Ms Mani you are found guilty as charged to theft in the amount R818 000.”

Mani was arrested in May 2018 by the Serious Commercial Crime Unit of the Hawks.

The case of theft was opened by Intellimali – a Cape Town-based company responsible for distributing the NSFAS funds to students.

She is accused of failing to report the error and embarking on a spending spree, blowing more than R800 000 in 73 days.

The State charged that between 1 June, when the money landed in her account, until 13 August, when NSFAS found out about the error, she had spent an average of R11 000 per day.

She ostensibly used the money at 48 merchants in Eastern Cape, Western Cape and Gauteng.

Olivier told Mani the receipts of her expenditure indicated that “you had definitely planned per day as to how much you can spend per day in as many places as possible on any given date.”

She added that it was remarkable how Mani managed to spend around R20 000 a day at merchants across the country, all in one day.

On perusal of Mani’s expenditure records, she spent:

  • R178 923 at Discount Supermarket in Fleet Street, East London;
  • R174 631 at Checkers Hyper supermarket in Centurion;
  • R107 255 at Checkers Nonesi Mall in Komani;
  • R68 116 at Shoprite on Caxton Street in East London; and
  • R17 006 at Shoprite in George.

“What is, however, remarkable is that the accused managed to use the credit on one specific day at various outlets in various provinces on the same given date,” said Olivier.

Olivier noted that, on 1 June, all the spending occurred in East London and one transaction in George.

On perusing 3 June 2017, Olivier said Mani spent the money in East London, Komani, Thembalethu and Mthatha.

“9 June is even more remarkable as spending took place in East London, Komani and Centurion. 11 June spending took place in East London, Centurion, Benoni Lake.”

Prohibited items were also bought in Cradock, and included: 13 backpack trolleys, nine bath sheets and other accessories, eight bin items, 11 blankets, various blenders, body shots for men, ladies bras, an unaccountable amount of wine, from white wine, rose, semi-sweet, varying from 750ml to 5 litre boxes, cake plates, calculators, four hair straighteners, cookware, cupcake makers, cutlery, dinner sets, 13 extension cords, eight frying pans, five hairdryers, various handbags, six steam irons, iTunes gift cards, 24 jackets, 12 cordless kettles, track tops, ladies tops, 11 microwaves, framed mirrors, cigarettes, pants, Checkers gift cards, shoes, sleep sets, 10 ladies sleep items, slow cookers and eyelashes.

Olivier noted the evidence before the court included seven pages which recorded the expenditure on airtime from Vodacom, MTN and Cell C.

Sentencing is set for 8 March 2022.


By Lwandile Bhengu for News24

The Absa engineer and his wife charged with stealing more than R100-million from the bank have been granted bail of R50 000 each.

Dressed more modestly than when they first appeared, Xolela Masebeni and Athembile Mpani made their third appearance in the Palm Ridge Specialised Commercial Crimes Court on Wednesday.

Masebani, a specialist engineer who worked in Sandton and earned R52 000 per month, is accused of stealing R103-million from the bank and allegedly transferring the money into six different bank accounts over four months between September and December 2021.

Mpani, who is also the mother of Masebani’s three children, is alleged to have benefitted from the money. The couple face charges of theft, fraud and contravening the Prevention of Organised Crime Act.

In bail judgment, Magistrate Phillip Venter said that although there was no doubt that there was a reasonably strong case to be built against the two, the State had not proven that it was in the interest of justice to deny them bail.

During their bail application on Monday, investigating officer, Captain Oscar Molahlehile Mopeli, told the court how the couple had allegedly spent over R200 000 on a shopping spree at luxury stores in Sandton. They are also said to have purchased seven cars with cash over a short period of time, as well as two properties in Khayelitsha.

In his bail affidavit, Masebani told the court that he owned three cars, while Mpani, in her affidavit, said that she owned three cars. The couple intend denying the charges against them.

Mopeli testified that the majority of the money was transferred into Masebani’s and Mpani’s accounts, while the rest was transferred to people known to Masebani.

Some of the accounts have been frozen.

Third suspect arrested

Arguing against bail, prosecutor Sharon Masedi said that, because Masebani was an IT specialist, the State was concerned that he would conceal evidence vital to their case. She also said that the couple had not been co-operative in assisting the State in finding the cars allegedly bought through the proceeds of crime.

Venter questioned Masedi on the fact that no person facing a criminal charge was obliged to give the State information that might incriminate them, and that he could not compel anyone to do that.

He added that the State had not presented anything to substantiate the claim that Masebani, in particular, would try and conceal evidence.

As part of their bail conditions, they must report to their nearest police station twice a week, they must inform police when they leave for the Eastern Cape, they must not apply for any travel documents, and must reside at the same address they gave in their bail application. They must also not dispose of any assets that they mentioned in their affidavits.

In addition, Masebani is not allowed to set foot in the Absa branch where he worked, contact its employees, or access any of its information.

Meanwhile, a third person, who allegedly received R74-million of the money, has been arrested in connection with the case.

Gershom Matomane was arrested in Cape Town on Thursday and appeared in court on the same day.

Matomane is expected to appear again in Palm Ridge Court soon, while Masebani and Mpani will be back in court on 14 March.


By Nicole McCain for News24

A municipal office in Johannesburg has been robbed and 20 computers damaged.

It was the second incident in less than two weeks, and according to the City of Johannesburg it was an attempt to thwart digitisation.

On Monday, the City’s building development management staff discovered that their office, on the 6th floor of the Metro Centre in Braamfontein, had been robbed and 20 desktop computers vandalised.

On 14 January 2022, the building was also burgled and six desktop computers were damaged, said Mayoral Committee Member Belinda Echeozonjoku.

“Both incidents followed the same modus operandi – a burglary resulting in the theft of hard drives, processing units and memory chips. Investigations are under way by the SA Police Service and the City’s Group Forensics and Investigation Services,” said Echeozonjoku.

She described the burglaries as “destructive acts” that were “criminal” and said the City did not take the matter lightly.

“These burglaries and acts of vandalism are a clear indication that there is a pushback from individuals who are against the digitisation of the building plan application process recently introduced by Development Planning. I am even more disappointed to have received allegations from members of the public [that] internal staff… have expressed their dislike of the online application system,” Echeozonjoku said.

The construction permit management system, which Development Planning is currently implementing, is a new web-based building permit system to modernise and streamline the Site Development and Building Plan approval processes.

Echeozonjoku said:

“We are aware that there are individuals who previously benefited from the inefficiencies of our processes, who are not particularly happy with the implementation of the digital platform.”

More Absa customers hit by data leak

Source: MyBroadband

Absa has continued to send notifications to more customers impacted by a data leak in October 2020.

Customers have told MyBroadband they received emails from the bank this past week informing them the leak also impacted them.

“Following Absa’s announcement of an isolated data leak in November 2020, and a resultant independent forensic investigation, we have now identified more compromised data and are contacting impacted customers directly,” it states.

“Unfortunately, this leak encompassed some of your personal information, including your identity, contact details and transactional account number,” the bank added.

The leak, which an Absa employee orchestrated, resulted in the exposure of customer data that included identity numbers, contact details, addresses, and account numbers.

The employee, who served as a credit analyst, had been caught selling the private information of retail banking clients to third parties.

He was subsequently dismissed and criminally charged, and Absa notified the Information Regulator about the issue.

In its initial acknowledgement of the breach in November 2020, the bank labelled the incident as “isolated” and claimed it affected a “limited number of customers”.

Absa chief security officer at the time, Sandro Bucchianeri, later revealed the bank believed the information of 200 000 customers was exposed. For reference, Absa had around 9.7 million customers as of September 2020.

Bucchianeri left Absa in June 2021 and joined National Australia Bank as chief security officer.

Number of new accounts impacted unclear

The latest notification is at least the second time since the initial notice that Absa has informed additional impacted customers their details were exposed in the leak.

In April 2021, Absa sent a similar email to customers it had determined were also impacted.

An Absa spokesperson told MyBroadband independent investigations were ongoing, and the bank continued to reach out to customers as new information came to light.

“Throughout this process, we have taken extra precautions and heightened monitoring of customer accounts,” the spokesperson said.

The spokesperson did not respond to a question about exactly how many impacted customers had been added to the original tally of 200,000.

Absa advised customers suspecting suspicious activity on their accounts to contact its fraud hotline on 0860 557 557.

The bank also offers a free digital fraud warranty for customers that use its mobile app.


By Paul Vecchiatto for Bloomberg

A South African law-enforcement agency said its investigation into some of the health-equipment contracts awarded by the government during the Covid-19 pandemic found almost two-thirds of them were irregular.

The Special Investigation Unit probe found that 2,803 of 5,467 deals worth 14.3 billion rand ($935 million) were improper, according to a statement emailed by the presidency on Tuesday. President Cyril Ramaphosa authorized the investigation into the contracts in mid-2020.

“It is unacceptable that so many contracts associated with saving lives and protecting livelihoods were irregular, unlawful or fraudulent,” Ramaphosa said in the statement. “This investigation demonstrates our determination to root out corruption and to deal with perpetrators.”

The National Prosecuting Authority and other law-enforcement agencies may use the SIU’s investigations to file criminal charges against people in the public and private sectors, the presidency said.

