According to Kaspersky, a major spike in network attacks took place in South Africa last week. The number of affected devices increased from 20,000-30,000 to about 310,000 in the period from 15 to 21 March.
This has coincided with an increase in remote working in the country, after President Cyril Ramaphosa announced first a National State of Disaster and then a 21-day lockdown.
“Remote working provides cybercriminals a prime opportunity to target devices, especially those that don’t necessarily have adequate IT security measures in place,” Maher Yamout, senior security researcher for the Global Research and Analysis Team at Kaspersky, said in an interview with MyBroadband.
“Such a spike recorded, although temporary, leads us to believe that cybercriminals have keenly been focused on the region given the current circumstances.”
Protecting your network during lockdown
Kaspersky provided a variety of tips employees should follow when working remotely during the impending lockdown:
- Make use of a VPN to connect securely to the corporate network
- Use multi-factor authentication wherever possible
- Ensure all corporate devices, including mobiles, laptops and tablets, are protected with adequate security software
- Segregate your personal devices/life from corporate computers
- Ensure the latest available updates are installed regularly
- Only use corporate-approved teleconferencing software
- Practice basic cybersecurity rules
The rapidly evolving story about Moscow-based Kaspersky Lab’s involvement in helping Russian government hackers steal sensitive National Security Agency materials has taken yet another turn, as The Wall Street Journal reports that the assistance could have come only with the company’s knowledge.
Wednesday’s report, citing unnamed current and former US officials, said the help came in the form of modifications made to the Kaspersky antivirus software that’s used by more than 400 million people around the world. Normally, the programs scan computer files for malware. “But in an adjustment to its normal operations that the officials say could only have been made with the company’s knowledge, the program searched for terms as broad as ‘top secret,’ which may be written on classified government documents, as well as the classified code names of US government programs, these people said.”
The report is the latest to detail a 2015 event in which an NSA worker—described as a contractor by the WSJ and an employee in articles from The Washington Post—sneaked classified materials out of the agency and onto an Internet-connected computer that had Kaspersky AV installed on it. The WSJ, WaPo, and The New York Times have all reported that hackers working for the Russian government were able to home in on the documents with the help of the Kaspersky software.
On Tuesday, the NYT was the first to report that NSA officials first learned of the help provided by Kaspersky AV from Israeli intelligence officials who had hacked into Kaspersky’s corporate network and witnessed the assistance in real time.
Wednesday’s report is the first to explicitly say the assistance wasn’t the result of a covert hack or the exploitation of an inadvertent weakness but rather likely came with the knowledge of at least one Kaspersky official.
“There is no way, based on what the software was doing, that Kaspersky couldn’t have known about this,” the WSJ quoted a former US official with knowledge of the 2015 event as saying. The official went on to explain that the Kaspersky software was designed in a way that it would have had to be programmed to look for specific keywords. Kaspersky employees, the official continued, “likely” would have known such a thing was happening. The evidence, Wednesday’s report said, has now caused many US officials to believe the company was a “witting partner” in locating the materials on the home computer.
In a statement issued Wednesday, Kaspersky officials wrote:
Kaspersky Lab was not involved in and does not possess any knowledge of the situation in question, and the company reiterates its willingness to work alongside US authorities to address any concerns they may have about its products as well as its systems.
The company has long maintained it has no inappropriate ties to any government, including Russia’s, and vigorously defends against all malware threats.
Meanwhile, Reuters reported that German officials had no evidence to back the reports Kaspersky AV played a role in the theft of the NSA materials and had no plans to warn against the use of the software. Last month, the US Department of Homeland Security took the unprecedented step of banning all federal government agencies and departments from using any Kaspersky goods or services.
The WSJ went on to report that US intelligence agencies spent months studying and experimenting with Kaspersky software to see if they could trigger it into behaving as if it had discovered classified materials on a computer being monitored by US spies. “Those experiments persuaded officials that Kaspersky was being used to detect classified information,” Wednesday’s report said.
By Dan Goodin for Ars Technica
South Africa is among the world’s top 40 sources of spam, according to security firm Kaspersky Lab. The country was ranked 36th as a global source of spam in the third quarter of 2015.
Eugene Kaspersky, chairman and CEO of Kaspersky Lab, will address the most pressing issues facing cybersecurity during a panel session at the World Economic Forum in Davos.