Impersonation attacks loom after SA's biggest data leak

By Admire Moyo, ITWeb's news editor.
Johannesburg, 19 Oct 2017
SA's top real estate companies are being blamed as the source of the data leak.

Following the exposure of 30 million personal records of South Africans, cyber criminals will use the information to commit fraud.

This is according to cyber security experts commenting on the potential impact of SA's biggest data breach, which was revealed by Australian IT security professional Troy Hunt.

"This week, I started looking into a large database backup file which turned out to contain the personal data of a significant portion of the South African population. It's an explosive situation with potentially severe ramifications and I've been bombarded by questions about it over the last 48 hours."

In his blog post published today, Hunt explains how he discovered the leak.

An impersonation attack is one in which an adversary successfully assumes the identity of one of the legitimate parties in a system or in a communications protocol.

The source of the data breach is still unclear, with several reports pointing to different South African organisations. Amid the confusion, there have been threats of litigation by some companies which have so far been blamed for the breach.

Legal threats

Dracore Data Sciences, which was caught in the storm, yesterday issued a statement saying: "Please note that our evidence is conclusive that Dracore Data Sciences is not responsible for the data leak and this matter is now being dealt with by our legal team."

Nonetheless, most of the blame is being levelled against top real estate companies in SA.

Brian Pinnock, a cyber security expert at Mimecast.

Amid the furore, John Giles, a legal advisor at law firm Michalsons, says SA's data protection law - the Protection of Personal Information Act - makes it clear who is responsible "but as with anything, there needs to be evidence to prove who was responsible and accountable. It is a question of fact that needs to be proved."

According to Hunt, the compromised information "contained everything from national ID numbers to names, addresses, genders, birth dates and ethnicities".

Hunt believes that, unlike in an ordinary hack, someone in SA literally published their database of the entire country to the public Internet.

Manuel Corregedor, COO of Telspace Systems, concurs: "The data was exposed publicly on the server where anyone could have easily accessed the data. No advanced skills were required to get access to the data.

"Criminals could use this type of data in further targeted social engineering attacks, identity theft and/or to commit fraud."

Corregedor says users should closely monitor their financial accounts for any irregular activity as well as consider looking at credit monitoring or fraud protection services.

However, the data is now offline, as it was taken down about 10:30am yesterday SA time.

"While it's unclear at this point how the information was obtained, South African organisations need to brace themselves for supercharged impersonation fraud attacks," says Brian Pinnock, a cyber security expert at Mimecast.

"This is social engineering on another level as half of the work is already done for potential hackers. They now have access to e-mail addresses, mobile numbers and even ID numbers, marital status, employer information and income. Fraudsters can now target their victim by knowing the most sensitive information that only your most trusted service providers or family would know."

Cyber resilience

Pinnock points out that having the most sensitive information of more than half of SA's population hacked and leaked on the Internet is a clear indication that having an effective cyber resilience strategy is no longer up for debate.

"Looking out for malicious e-mails is now crucial," he urges. "All e-mail users should know the signs of a targeted e-mail threat - is the e-mail address legitimate, does the URL in an e-mail or attachment take you to the correct site, is the language typical of the sender? Of course, the signs might not always be easy to spot so all organisations should consider advanced security with targeted threat protection. This will radically decrease the possibility of malicious e-mails getting through.

"Finally, everyone should consider changing all of their passwords and ensure they don't re-use these across online services. It is vital to have unique passwords because as soon as one has been stolen, no channel is safe."

Claude Schuck, regional manager for Africa at Veeam, says the data breach should push every organisation to review its corporate security measures.

"In a connected environment, companies can ill afford to have access to sensitive back-end data compromised. Downtime and data loss now see enterprises face public scrutiny in ways that cannot be measured by a balance sheet alone."

Meanwhile, EWN reports the Department of Home Affairs is looking to probe this massive data breach.
