By: MARYANNE GICOBI

African countries lost at least $2 billion in cyber attacks in 2016, a new report claims.
In East Africa, Kenya recorded the highest losses — $171 million — to cyber criminals. Tanzania lost $85 million while Ugandan companies lost $35 million.
Serianu, an information technology services and business consulting firm, which published the Africa Cyber Security Report 2016 in conjunction with United States International University-Africa’s Centre for Informatics Research and Innovation, says Tanzanians lost most of their money through mobile money transfers.
“In places like Tanzania, deep in the rural areas, we are seeing a lot of SMS attacks; people receiving threatening messages, people losing money on their mobile phones. There are a number of people tricking people into sending money via mobile phones,” said Serianu managing director William Makatiani.
The Africa Cyber Security Report 2016 ranks banking as the leading risk sector.
“The interconnection and complexity of modern banking systems has led to complex regulatory requirements, greater exposure to internal and external cyber security threats and concerns around data security and privacy across virtual borders,” says the report.
“In 2016, we witnessed more advanced attacks in banks mostly perpetrated by insiders, raising the concern that the banking sector is unprepared to deal with insider threats. Other sectors that have attracted criminals are the government, telecommunications, mobile money services, Saccos, microfinance and co-operatives, e-commerce and online markets, utilities (energy, water and electricity), manufacturing, hospitality and other financial services such as insurance, investment and brokerage,” it adds.
Complicity of insider staff
Mr Makatiani said Ugandans experienced the most spamming in Africa, and some of the emails were harmful.
“There are many people filling your inbox with unnecessary mail so that out of five emails, only one is work related, the rest are junk mail, something that affects work efficiency. Some send links that when clicked can lead to getting hacked,” he said.
The report cites a case in which 10 organisations in insurance, banking, government and financial services lost money through attacks on their computer networks.
The crimes are usually committed by hackers who, with the complicity of insider staff, capitalise on the weaknesses of the organisations’ ICT infrastructure and processes.
The insider staff manipulate the target firms’ computers and capture customer account information that hackers then use to commit fraud.
“The malicious insider staff steal passwords and approve transactions and move money out very late at night. In one particular case, the companies involved lost $13.5 million,” said Mr Makatiani. “In insurance schemes, when you have a life policy that is about to expire, the hackers change the beneficiary, so that when the pay-out is made, it does not go to the right person.”
In one case, between October 2015 and August 2016, hackers conspired with company insiders to install malicious keylogging and remote desktop software on computers dedicated to processing financial transactions.