‘We were caught napping’: Cyberattack leaves Free State council scrambling

What was initially called a system crash by the Free State’s Moqhaka Local Municipality turned out to be a crippling cyberattack on an ICT system said to have no backup or proper security software.

It is yet another cybercrime incident in the public sector that relies on mostly inadequate ICT security systems.

The cyberattack in June left the Kroonstad-headquartered municipality with no data after April 2023.

An ICT company was hired to help retrieve information from May. The laborious task of rebuilding the data system manually is still underway.

The ANC-led municipality says two officials face disciplinary procedures following the cyberattack.

Sources said municipal officials initially announced that the system was offline because of a system crash.

“It emerged that it was actually hacked, and that data has been lost. It seems the criminals wanted to wipe out information, especially financial information,” said an insider.

“We do not know yet is whether this was an inside job or the work of someone from outside. They found that there is no system backup, it is very weak.”

‘Havoc’

Opposition parties say this has left municipal services in disarray, including billing and payment of service providers.

No accounts are issued to ratepayers, while property sale clearing work for lawyers is piling up.

“This is wreaking havoc on residents, particularly those who have recently sold properties.

“Furthermore, not only has the municipality struggled to compensate contractors, leading to a cascading effect on service delivery, but it has also resulted in a substantial backlog of tasks, including unblocking sewage, repairing water leaks, and addressing meter issues,” said Democratic Alliance (DA) councillor Linda Louwrens.

ALSO READ: ‘Daily Maverick’ ‘under cyberattack’ after Modi plane saga report

She said there have been no updates or reports to the council regarding the incident.

“The consequences are substantial, we are witnessing a grave financial hit due to dwindling revenue. Residents’ waning confidence in the municipality’s ability to provide essential services has led to reluctance to settle their municipal dues.”

Freedom Front Plus (FF Plus) councillor Lousanne van Heerden said although the municipality has started working on property clearance, the situation is a mess.

“All councillors from all political parties are frustrated, we have no answers for our constituents regarding this hacking.

“To top it all, the city is being swallowed by sewer spillages, there is no work being done, and the cyber attack has made the situation worse.”

Security software expired

Moqhaka spokesperson Dika Kheswa confirmed the incident, adding that ICT department employees were unable to access the system after being locked out by the criminals.

“We were concerned that they [hackers] managed to access our financial system, but we were able to recover and pay salaries.

“No residents’ information was breached, but they were able to interrupt the finance data. The billing system was also affected, we are unable to inform residents how much they owe, the IT firm and staffers are loading data manually, dating from May,” said Kheswa.

“A report is being prepared for the council. We have notified the provincial and national Treasury departments. We have asked the state security agency and the IRSA for help.

“This has had an impact on revenue collection because the last billing was issued in April. New rates kicked in on 1 July, but we asked residents to use previous billing to pay while we sort this out.”

Kheswa said Moqhaka Local Municipality is looking to strengthen its ailing ICT system and implement a governance plan, controls and a cybersecurity framework.

ALSO READ: Going beyond ‘Nigerian Prince’: SA turning into Africa’s cybercrime capital

Security software licences had expired, he added.

“We were caught napping. We need a proper firewall in place, that report will expand on these problems.

“We found that certain licences had expired, but we’ve since procured and installed them, our system was weak.”

A criminal case was opened with the police.

Two officials have been suspended and will soon face disciplinary processes, said Kheswa.

SA data security lacking

Online crimes are increasing in South Africa, despite the passing of the Cyber Crimes Bill into law in 2021.

According to Interpol’s 2022 African Cyber Crime Assessment report, the country’s online defence systems are weak.

Poor investment in cyber security, the lack of sophisticated measures to counter the attacks and the small pool of highly skilled individuals are some of the reasons why criminals have a field day online.

Both private and public sectors are prone to cybercrime.

Recent incidents include the following:

• The 2019 hacking of the City of Joburg, where hackers disrupted its official website, demanding over R400 000 in Bitcoin.
• Department of Justice ransomware attack that grounded courts to a halt in 2021
• Credit bureau TransUnion ransomware attack in 2022, where criminals accessed millions of records. The hackers demanded R223 million in Bitcoin.
• Attempted breach at the SA Reserve Bank in 2022. The USA’s FBI alerted the central bank about the crime, beating local authorities who were clueless about the incident.
• A 2019 wave of Distributed Denial of Service (DDoS) hit the country’s banks, sending banking services glitches across the country.

In the case of the Department of Justice, the Information Regulator of SA last month slapped the department with a R5 million fine for failing to submit proof that security software licences were renewed.

The regulator’s tasks include monitoring and enforcement of compliance with the provisions of the Protection of Personal Information Act, known as the PoPIA Act.

All public and private entities are legally required to inform the IRSA about any cyber incidents.

NOW READ: Cyber attacks: Negligence, poor systems make South Africa cyber crime heaven