Transnet hackers ‘may have been architects of failed insurrection’

As Transnet recovers from a massive cyberattack earlier this week, South African cybersecurity experts have warned that no one, not even “blue-chip organisations with large security budgets”, are spared.

The state-owned South African rail, port and pipeline company on Tuesday declared the hack as a force majeure after bringing its online systems back in a “staggered manner to minimise further risk”.

On Wednesday, Transnet spokesperson Ayanda Shezi said it was all hands on deck to fully restore the system.

Transnet cyberattack

‘Act of sabotage’

DA shadow minister of public enterprises, Ghaleb Cachalia, tied the cyberattack to perpetrators of the “failed insurrection” and said it was becoming “increasingly clear that the crippling cyberattack on Transnet’s IT infrastructure was an act of sabotage”.

“The cyberattack is consistent with the insurrection’s modus operandi which targeted transport and logistics infrastructure,” Cachalia explained.

Cachalia urged law-enforcement agencies to “not waste their time looking for cyber terrorists outside our borders; they are in the country and they may have been the architects of the failed insurrection”.

ALSO READ: Transnet force majeure: Progress made to restore systems after cyberattack

What the experts say

Meanwhile, Anna Collard, senior vice-president of content strategy and evangelist at KnowBe4 AFRICA suspects the Transnet hack was a ransomware attack.

She warned: “With the United Stated declaring ransomware a national threat, more criminals will shift their attention towards the emerging economies.”

“South Africa is quite attractive because, on the one hand, we have developed infrastructure, a high degree of digitisation but at the same time not enough government capacity to defend against this on a national level.”

Collard said it was vital for the industry, public and private sectors to collaborate and assist each other in cases like this in order to defend South Africa “against this inevitable threat”. In addition, Stephen Osler – the co-founder of international cybersecurity services provider Nclose – said there was a “flurry of South Africans” falling victim to ransomware attacks.

He says more than 1,000 businesses had been compromised this year alone, “which is a massive increase from the same period of last year”. To make matters worse, Osler said “no one is spared”. He urged organisations to implement proper controls.

“It’s not a matter of ‘if’, it’s a matter of ‘when’. Unfortunately, as soon as a government organisation is compromised in this fashion, it’s assumed they didn’t have appropriate security controls. However, these ransomware attacks are happening to blue-chip organisations with large security budgets, so no one is spared.”