CYBER ATTACKS!

It’s not a question of if. But when…

Before we get into the crux of the article, some stats –

• According to the University of Maryland, more than 2,200 cyber-attacks occur each day. When broken down, that means someone becomes a victim of a data breach, phishing attack, or other cybercrime every 39 seconds.
• The key findings of a study undertaken by Comparitech  indicate that 88.5 million people fall victim to cybercrimes globally each year (this equates to over 1,096 victims per 100,000 people). The average victim will lose $8,069 per crime which means that an estimated $714 billion will be lost to cybercrime annually.
• A report by Cybersecurity Ventures, predicts that the global annual cost of cybercrime will reach $9.5 trillion USD in 2024 and $10.5 trillion by 2025. The report goes on further to state that ransomware is the “most immediate threat” on a global scale, with ransomware damages costing victims $42 billion so far in 2024 and thought to increase up to $265 billion annually by 2031.
• A study by Exploding Topics sets out that 95% of all breaches target government organisations, technological companies, or retail groups.

Those are staggering statistics and proof that a cyber-attack can and does happen to everyone. It’s simply not a question of if. Nowadays it’s a question of when.

You already know someone who has been attacked

1. Tech giant Microsoft – a company thought to be “bomb-proof” – suffered its own difficulties when a global outage affecting Microsoft products – including Microsoft Azure – the cloud computing platform behind many of its services; Microsoft 365, which includes systems like Microsoft Office and Outlook, as well as cloud systems like Intune and Entra – suffered a cyber-attack. The incident lasted almost 10 hours and caused thousands of users to report issues with Microsoft services. Due to worldwide issues with Microsoft Azure, a problem with Microsoft’s website affected several services including MyAccount and PayNow. Customers of UK Bank NatWest also reported issues. The HM Courts and Tribunals Service – which are responsible for the administration of criminal, civil and family courts and tribunals in England and Wales – also suffered with multiple online services. The latest outage comes less than two weeks after a major global outage left around 8.5 million computers using Microsoft systems inaccessible, impacting healthcare and travel, after a flawed software update by cybersecurity firm CrowdStrike. Shares in Microsoft dropped by 2.7% in after-hours trade on 30 July after the company reported weaker growth than expected in the April-June period.
2. On 31 July 2024, a ransomware attack on a technology service provider, C-Edge Technologies forced payment systems across nearly 300 small Indian local banks to shut down temporarily. The National Payment Corporation of India (NPCI), an authority that oversees payment systems, in a public advisory issued late on 31 July said that it had “temporarily isolated C-Edge Technologies from accessing the retail payments system operated by NPCI, to prevent any wider impact.
3. It’s clear that the attacks on national health systems worldwide are on the increase. Mostly – it’s believed – because it’s a disruption to healthcare which brings an entire society to a standstill. Locally, The National Health Laboratory Service, which was attacked in June 2024, is only now restoring some critical functions. The attack targeted information technology systems and disrupted laboratory services. It led to delays in processing laboratory tests at public health facilities. As of 1 August 2024, some of the critical services had been brought back online in a phased and controlled manner, beginning with academic and larger laboratories countrywide. These services include laboratory registration, results processing, and reporting via the Laboratory Information System. However, this took almost two months to get back online and operational resulting in serious backlog and concern over personal data leaks.
4. On the 23rd of May 2024, The Department of Justice, and Constitutional Development (DJ&CD) suffered another cyber security incident that affected child maintenance payments. The departments’ electronic payment system for third-party funds, including child maintenance, had been temporarily suspended following attempts to compromise the system. This followed the 2021 attack on the government entity which was hit by a ransomware attack that led to all information systems being encrypted and unavailable to internal employees, as well as members of the public. As a result, all electronic services provided by the department were affected, including the issuing of letters of authority, bail services, e-mail, and its website. The ransomware attack resulted in the Information Regulator issuing the department a R5 million fine for breaching South Africa’s data privacy law, the Protection of Personal Information Act (POPIA). At least 1 200 files containing the names, banking details and contact details of those who had submitted personal information to the DoJ&CD were compromised during the ransomware attack. The attack also spilled over to the office of the Information Regulator, disrupting the watchdog’s IT systems. This resulted in the regulator’s website being unavailable for three days, while the e-mail system went offline. To suffer another attack after the 2021 breach is a major blow for the DoJ&CD who had previously indicated an investment of their budgets in cyber security. How this will play out is yet to be seen.

The examples of organisations, Governments and institutions that have been attacked or which have been the victim of cyber-attacks is seemingly endless. And it will continue to grow.

You can read about further organisations that have been the victims of cyber-attacks here.

AJS has been attacked but came though intact and stronger!

On the 28th of July 2024 – AJS’ data centre experienced a cyber-attack initiated by the new, highly skilled Cicada 3301 hacker group.

AJS defends between 800 – 1000 cyber-attack attempts on any given day and has always successfully managed to fight them off. However, Cicada employs new methods and exploits recent and undiscovered vulnerabilities. The attackers gained entry via a FTP service and subsequently attempted a brute force attack on our network.

Francois Horn, Information Technology Data Manager at AJS had this to say about the cyber-attack –

“We were notified by our server monitoring systems about the attack, and we initiated an immediate shutdown of all network access. To ensure everyone’s safety and only after scanning all client servers to ensure everyone was clean, the servers were restored to service in a controlled manner from our backup systems.

Upon investigation we found that due to our system being compartmentalised, with each of our clients isolated from one another (an additional failsafe in our design) only a small, limited number of servers were affected with only one sub-section of our network attacked.

But the swift detection and response actions taken during the cyber-attack successfully contained the threat and preserved client data integrity. Moving forward, enhanced security measures and updated protocols will help prevent similar incidents and ensure an even more resilient infrastructure.

We are grateful for the support our clients have shown and who made a tricky situation that much easier to handle.

An event like this demonstrates the extreme importance for a well-designed backup and systems architecture. There are three main categories that are important and that you need to consider:

1. Cyber security: This includes items such as firewalls, anti-virus, system design and configuration along with regular reviews of design and testing of the system.
2. Geo-physical security: This refers to the practice to keep off-site backups as well as storage in different geographical areas. (In-case of disaster, fire, floods, riots, theft, etc.)
3. System redundancy: A well-designed system should be able to handle multiple failures (hard disk crash, power surges, loadshedding, data connectivity, etc).

AJS address all three of the above with its hosted solution and backups in three different geo-locations within the South African borders (in compliance with POPI requirements) and with 4th and 5th locations in the pipeline. The AJS server farm can handle multiple failures by design before service is affected and switching to a DR site.”

Cyber-attacks are no walk in the park but with the correct teams and technology in place, being attacked can make you stronger and better. While you have no control over being attacked and by whom, how prepared you are for the event is important. AJS was put to the test with a real-life attack, and we have demonstrated our resilience.

An organisation’s single most important asset is its data, and its preservation must be the number one priority. You can never be “too safe”. If it is lost, it can mean closing your doors. We still see too many clients reluctant to spend money on a proper system. When (not “if”) it is your turn to be attacked, how prepared are you?

What attacks are most common?

• Phishing is the most commonly used cyber-attack, making up roughly one-third of all reported data breaches and 78% of all cyber-espionage attacks. 17 in 20 phishing schemes target login information, including email addresses, usernames, and passwords. As a result, 20% of data breaches begin with stolen login information. As of Q1 2024, cybercriminals create nearly 1 million phishing sites per month – that’s almost 7x as many as in Q2 2020.
• Ransomware has become one of the most pervasive and fastest-growing threats to individuals and organisations worldwide. With attacks occurring every 39 seconds, cybersecurity professionals estimate that more than 300 million ransomware attack attempts happened throughout 2023.
• In 2023, there were over 6 billion malware attacks worldwide. That figure has remained fairly steady, ranging from 5.4 billion to 6.06 billion between 2020 and 2023. Hackers and bots distribute over 94% of all malware infections via email. And on average, a malware attack costs a company over $5 million.
• Cryptojacking is a form of cybercrime in which hackers use an individual or organisation’s computer system to mine cryptocurrencies like Bitcoin or Ethereum. While relatively new, the latest data indicates an uptick in unauthorised mining activities. Cryptojacking volume in Q1 2023 reached 332.3 million. And across the year attacks rose by 659%. Around 29% of WordPress plugins on popular websites may have vulnerabilities resulting in a cryptojacking attack.

In the weeks that follow we will be taking a look at cyber security – what you should be looking into, data and data backups and other little titbits that we believe will be useful when it comes to everything cyber related. Knowledge is power – sharing the knowledge can help others avoid the pitfalls of cyber-attacks.

In the meantime, if you are in need of a service provider who has a proven track record or if you want to find out how to incorporate a new tool into your existing accounting and practice management suite, or how to get started with legal tech,  feel free to get in touch with AJS – we have the right combination of systems, resources and business partnerships to assist you with incorporating supportive legal technology into your practice. Effortlessly.

AJS is always here to help you, wherever and whenever possible!

(Sources used and to whom we owe thanks: Exploding Topics; Comparitech; IT Web here, here and here; IBM; The Citizen; BBC here and here; The Hacker News; Blackberry Blog; Reuters; IOL; The Record; Forbes; Tech.co; USA Today; University of Maryland; Bluefin and KnowBe4)

– Written by Alicia Koch on behalf of AJS