In this talk, I will provide a quick overview with regards ... · Russia. Today, South Africa is...
[1 min]
In this talk, I will provide a quick overview with regard to the African Cyberspace
(including broadband connectivity and the malware landscape). I will then share some
anecdotal evidence on the impact of ransomware in Africa, and South Africa in general
and then close off by sharing some of my views on how we can arrest the scourge of
malware and ransomware in Africa by cooperating with the global community. The
reason we want to focus on malware and ransomware is that most attacks (95% of cyber
breaches) are caused by malware.
1
2
Africa is a very unique and large continent. Its size is sometimes undermined by the
world. It has a population of over a billion people living in about 57 countries with
diverse cultures and languages. Although bigger, Africa’s GDP is only 2.6 trillion. Europe
is 24 trillion and North America: 20.3 trillion (82% made up by the US). Incredible, isn’t it?
Introduce next slide: Although Africa is one of the biggest continents, we always lag
behind on various issues when it comes to ICTs.
3
In 2009, broadband connectivity in Africa was very minimal, with only one undersea
high-speed cable connecting many countries in Africa to the outside world. Mostly, African
countries relied on slow satellite connectivity. Africa did not have equal connection
compared to the rest of the world, and this is still the case in some other parts of the
continent. By 2012, Africa was heavily connected after a lot of investment from telcos,
and Internet access (services) also started to increase.
Currently, there are a quarter of a billion netizens in Africa who have access to the
Internet. It is estimated that there are ½ a billion unique mobile mobiles, estimated at
over 50% of the population numbers, and 100% penetration is predicted by 2020.
However, this is only a small fraction when compared to the global internet access.
Next Slide: Thus, Africa is regarded as the “Mobile First and Mobile Only” continent, with
many netizens having contact with the Internet using mobile devices.
4
Mobile phones are bridging the digital divide in Africa. The poor and rich, those in
the cities and those in the rural areas can now have access to technology. Another
interesting fact is that 52% of all live mobile money services are in Sub-Saharan Africa.
Next Slide: The rise of mobile devices has also led to the rise in cyber ills.
5
The increase in broadband connectivity has also led to an increase in cyber attacks.
Reports indicate a 150% increase in cyber attacks in Africa between 2014 and 2015. And
experts say that 31% of all attacks targeted small businesses, because they are
ill-prepared to respond, never mind not even believing that there is something
called cyber attacks.
Attacks in Africa vary from Web Defacements to cause embarrassments to
governments to DDoS attacks and Cyber crime using malware and ransomware.
The continent is losing over R1 billion annually to cyber crime. In 2012, South
Africa was in the top 3 countries suffering from cybercrime, including China and
Russia. Today, South Africa is the number 1 cyber-attacked country on the continent.
6
The terrible thing is that malware infection rates are high in Africa (Microsoft).
Astonishingly, 80% of computers have one or more pieces of malicious code. Mobile
ransomware has emerged as the biggest mobile security threat. Mobile Banking
Malware has taken over, stealing users’ credentials and of course money.
Next slide: However, Africa is not alone – the malware battle is virtually LOST and
new thinking is required from the malware defenders.
7
It is evident that the malware trend is increasing, and we (defenders) practically
have lost the war against cyber criminals.
New variants of ransomware are being introduced on a regular basis to beat the
defenders, who are always one step behind. It is reported by Infosecurity
Magazine that about 430 million new malware variants were seen in 2015, with
an increase of 35% in crypto-ransomware.
Research surveys suggest that 50% of organizations have had a ransomware
incident over the last year. 40% pay the ransom – making it even more lucrative
for cyber criminals to continue in their business. The number of users
encountering ransomware continues to rise – currently sitting at R2.3m.
8
Cyber criminals need not be technical, as we see a number of Ransomware-as-a-
Service platforms coming up where ordinary users can buy ransomware online.
9
Ransomware is prevalent and evenly distributed in Africa. However, on average
ransomware infections are higher in Africa compared to what is found in other
countries, especially when you consider the Internet penetration.
10
There are of course some attempts to deal with the ransomware problems, and
one of them is the No More Ransom project. However, the challenge is that it only
deals with past problems.
11
We (defenders) are doing something WRONG or we are NOT doing something RIGHT.
Current solutions are not working as required… anti-virus tools are not handling the
current problems well.
12
Even tools that are meant to protect us are buggy.
13
Most of the problems in the cyberspace are said to be caused by hackers – the bad guys.
But the reality is that the bad guys are only exploiting the cyber insecurity thinking of
defenders, who, like criminals, are also after money, not necessarily resilient
cybersecurity systems. There is no debate that the more code we write, the more our
systems become faulty. The more complex they are, the more insecure they are. The
graph on the screen shows the number of vulnerabilities discovered over the years…and
all we see is exponential growth. Each device on average was running 28 known
vulnerabilities. Devices were actively running known vulnerabilities for an average of
5.64 years. More than 9 percent have known vulnerabilities older than 10 years. Is this
not crazy?
14
It is evident that the more time we spend on writing good quality code, the fewer
problems we will have with our current software.
15
“Cybersecurity is all about power and only power”. Dan Geer (Black Hat, 2014).
16
Current cyber technologies cannot continue to be developed and deployed to the
masses at will. Vendors need to start following standardization and verification
processes. Today, we have the problem of vendors competing to beat each other on
who gets the most insecure solution to the market first. The quick release of new
software that has not been thoroughly tested is the biggest cause of the malicious
cyberspace. If something has the potential of causing harm, it must be regulated.
17
Cybersecurity will always be exactly as bad as it can possibly be while allowing
everything to still function or making some things optional to function. Dan Geer in his
keynote address at Black Hat 2014 quoted that “the only two products not covered by
product liability today are religion and software, and software should not escape for
much longer”. Vendors should be responsible for the harm that their products cause.
There is functionality that must not be allowed to be ON, when causing harm to users.
Secondly, software products must have functions that cannot just be turned on and off.
A simple example: End-to-end encryption is always activated on the latest versions
of WhatsApp. There is no way to turn off end-to-end encryption.
18
The cybersecurity perspective that we have these days is myopic, because it is only
based on the vendors’ perspective. We always do not have the whole picture… thus it is
important that cybersecurity failures are formally reported, just like it is the norm when
it comes to crime, diseases, job numbers, births and deaths. If the cybersecurity
community wants to operate in the “unregulated” environment, we must expect more
and more unlawful activities.
19
It is evident that no one vendor, one country, one continent can address most of the
cybersecurity challenges. On the Internet, the logical borders make us one big cyber
continent with few countries. Currently, attackers are always one step ahead, whilst
defenders are always following behind. Criminals are collaborative, they share code and
build malicious software together. Defenders do not do that…
20
21
For us to win the war of malware in the cyberspace, we must invest in more forward
engineering than in reverse engineering. We must start building better cybersecurity
solutions that are also cyber-proof (to some extent). Let’s think like hackers and defend
like ninjas. We must be proactive. Forward focused and continuously scouring for
vulnerabilities, connecting dots, detecting variances and sifting through billions
of events to build upon a base of actionable knowledge.”
22
23