Case Study:

The last two decades have witnessed increased technology adoption in Africa. According to
Forbes, there are more than 600 million total internet users in Africa. Analysis by the IFC and
Google finds that Africa's internet economy has the potential to reach US$180bn by 2025,
accounting for 5.2% of the continent's GDP. By 2050, the projected potential contribution could
reach US$712bn, 8.5% of the continent's GDP. But the rise of the internet also has a dark side,
with the growing risk of private citizens, businesses, and governments falling victim to cybercrime.
The South African Reserve Bank (SARB) has identified cybercrime and emerging technologies as
growing threats to South Africa's banking sector. In its report, the reserve bank said threats,
including internet and mobile banking platforms, may be exploited to facilitate money-laundering
and fund terrorism. South Africa is ranked among the top ten countries in the world in terms of
cybercrime. The country is also ranked seventh out of sixteen countries polled for the highest cost
of a cyber breach. The report notes over 90% of the banking sector offers online banking services,
and mobile application banking, except for one mutual bank.
"Although online banking offers faster transactions and more convenient options for banking,
these features are also attractive to criminals. Online features can hide the true identity of clients
(which in-branch visits would have detected), and these features can also hide the true
destination and beneficiaries of funds," says the SARB report. Southern African Fraud Prevention
Service (SAFPS) CEO, Manie van Schalkwyk, says consumers must try by all means to make sure
that their data is always secured. According to SABC News, phishing remains one of the most
prevalent scam techniques. The South African Banking Risk Information Centre (Sabric) estimates
that SA businesses suffer a total of about R250 million in losses each year due to phishing attacks
and internet fraud.
However, according to an article by African Business published on August 8, 2022, Kaspersky, a
Russian firm that provides anti-virus software, in their analysis revealed that attacks related to
data loss threats including phishing, scams, and social engineering increased significantly in Africa
in Q2 2022 in comparison with the previous quarter.
The company detected 10,722,886 phishing attacks in Africa in Q2. Kenyan users were influenced
the most by this type of threat: there were 5,098,534 phishing attacks detected in 3 months - a
growth of 438% when compared with the previous quarter. Kenya was followed by South Africa
(4,578,216 detections and a growth of 144%) and Nigeria (1,046,136 detections and a growth of
174%).
The Guardian in an article published August 3, 2022, reported Kaspersky saying social engineering,
"human hacking" scams, are used in many ways, and for different purposes, to lure unwary users
to the site and trick them into entering personal information. It stressed that the latter often
includes financial credentials such as bank account passwords or payment card details, or login
details for social media accounts.
According to the security firm, phishing is a strong attack method because it is done on a large
scale. It stressed that by sending massive waves of emails under the name of legitimate
institutions or promoting fake pages, malicious users increase their chances of success in their
hunt for innocent people's credentials. The article explained that phishers deploy a variety of
tricks to bypass email blocking and lure as many users as possible to their fraudulent sites, adding
that a common technique is HTML attachments with partially or fully obfuscated code. It stressed
that HTML files allow attackers to use scripts, and obfuscate malicious content to make it harder
to detect and send phishing pages as attachments instead of links.
According to a recent Interpol report, about 90% of African businesses are operating without the
necessary cybersecurity protocols and, therefore, are exposed to cyberattacks. The report also
noted that there were more than 700 million threat detections in Africa within one year. Over the
years, there have been efforts from different African countries to address the cybersecurity
challenge. According to an article by Forbes published on August 2, 2022, in South Africa,
President Cyril Ramaphosa signed the Cybercrimes and Cybersecurity Act in 2021. This law
mandates electronic communication service providers and financial institutions to act when their
systems suffer a cybersecurity attack or breach. South Africa had previously signed the Protection
of Personal Information Act No. 4 of 2013 into law.
At the continental level, the African Union (AU) adopted the Convention on Cyber Security and
Personal Data Protection, also known as the Malabo Convention, in 2014. This was followed by
the release of the Personal Data Protection Guidelines for Africa, a collaborative measure
between the Internet Society and the AU, in 2018. According to the United Nations Conference on
Trade and Development (UNCTAD), out of the 54 countries in Africa, only 33 (61%) have a data
protection law in place. Meanwhile, Business Tech in an article dated July 8, 2022, said the
Department of Police gazetted its draft search and seizure rules for cybercrimes committed in
South Africa. The Gazette, which is currently open for public comment, falls under the
Cybercrimes Act which was partly introduced by President Cyril Ramaphosa at the end of 2021.
"The Cybercrimes Act provides a new legal mechanism for addressing cybercrime in South Africa,
as well as creating a range of new cybercrime offences," the department said. "It also provides for
mechanisms to preserve electronic evidence in the cyber domain, to conduct the search, access,
and seizure operations in respect of an article as defined in the CCA, and the gathering of data
connected to both cyber and other crimes that are committed by means of or facilitated through
the use of an article." The draft rules also noted that an individual's right to privacy, as well as
other fundamental rights, must always be respected, and any infringement of these rights may
only be justified in terms of the law. "The right to a fair trial is paramount, and the responsibility
of the investigation and prosecution team in terms of gathering, preserving, and presenting
evidence to a court fairly and objectively, remain of utmost importance." Without serious
cybersecurity efforts, opportunistic criminals around the world stand poised to reap the benefits
of Africa's internet growth story.

Below is an excerpt from the case study related to this question:
“But the rise of the internet also has a dark side, with the growing risk of private citizens,
businesses, and governments falling victim to cybercrime.”

A web server provides services that are implemented as web applications through software
applications running on the server. Explain five (5) methods cybercriminals can use to attack
web server applications.
The answer explains the five methods and applies to the case study.

1. SQL Injection: Cybercriminals can exploit vulnerabilities in web server applications by injecting malicious SQL code into user input fields. This can allow them to access or manipulate the underlying database, potentially compromising sensitive data.

In the case study, cybercriminals could use SQL injection to gain access to banking systems and manipulate transactions or extract customer information for illegal purposes.

2. Cross-Site Scripting (XSS): This attack involves injecting malicious scripts into web pages viewed by other users. These scripts can be used to steal sensitive information, such as login credentials or session cookies, or even to perform actions on behalf of the targeted user.

In the context of the case study, cybercriminals could exploit XSS vulnerabilities in online banking platforms to trick users into providing their login credentials or other sensitive information.

3. Distributed Denial of Service (DDoS): In a DDoS attack, cybercriminals overwhelm a web server with a flood of traffic from multiple sources, effectively rendering it inaccessible to legitimate users. This can disrupt online services, cause financial losses, and impact the reputation of the targeted organization.

In the case study, cybercriminals could launch DDoS attacks against banking systems, causing disruption to online banking services and potentially leading to financial losses for the banks and their customers.

4. Remote Code Execution (RCE): This type of attack occurs when cybercriminals exploit vulnerabilities in web server applications to execute arbitrary code remotely. This can give them unauthorized access to the server and allow them to install malware, steal data, or carry out other malicious activities.

In the context of the case study, cybercriminals could exploit RCE vulnerabilities in banking applications to gain unauthorized access to the server, compromising sensitive customer data or even manipulating financial transactions.

5. File Inclusion Vulnerabilities: Cybercriminals can exploit file inclusion vulnerabilities in web server applications to gain unauthorized access to files or execute malicious code. This can allow them to read or modify sensitive data, upload malware, or execute arbitrary commands on the server.

In the case study, cybercriminals could exploit file inclusion vulnerabilities in banking applications to gain access to sensitive customer data, such as account details or transaction history, or to upload malware that can further compromise the server or other systems on the network.

There are several methods that cybercriminals can use to attack web server applications. Here are five common methods:

1. SQL Injection: In this type of attack, cybercriminals exploit vulnerabilities in the web application's input fields to inject malicious SQL commands. This allows them to gain unauthorized access to the web server's database, manipulate data, or even execute remote code.

2. Cross-Site Scripting (XSS): XSS attacks involve injecting malicious scripts into web pages viewed by other users. This is often done by exploiting input fields or injecting code into vulnerable websites. When unsuspecting users visit the compromised page, the injected script can steal their sensitive information, such as login credentials or personal data.

3. Distributed Denial of Service (DDoS): In a DDoS attack, cybercriminals flood the web server with an overwhelming amount of traffic from multiple sources, causing it to become unavailable to legitimate users. This is typically achieved by using a botnet, a network of compromised computers, to generate massive traffic volumes.

4. Remote File Inclusion (RFI): RFI attacks occur when cybercriminals exploit vulnerabilities in a web application to include and execute malicious files from external servers. By exploiting this weakness, attackers can execute arbitrary code on the web server, gaining unauthorized access or causing other malicious activities.

5. Remote Code Execution (RCE): RCE attacks involve exploiting vulnerabilities in the web application's code to execute arbitrary commands on the web server. By gaining unauthorized access to the server's underlying operating system, cybercriminals can take control, install malware, or perform other malicious actions.

In the context of the case study, these methods highlight the growing risks associated with increased technology adoption in Africa. The rise of internet usage in the region has provided cybercriminals with more opportunities to target private citizens, businesses, and governments, potentially leading to financial losses and other negative consequences. It is crucial for organizations and individuals to implement robust cybersecurity measures and stay informed about the latest threats to protect themselves from these attacks.
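The Remote File Inclusion item in the answer above depends on the application accepting a file reference from the request without checking where it points. The following is an added example of a server-side guard, not part of the original answer; the function name `resolve_page`, the directory layout and the sample requests are constructed for illustration.

```python
import tempfile
from pathlib import Path
from urllib.parse import urlparse

ALLOWED_SUFFIX = ".html"  # assumed policy: only static HTML fragments are includable


def resolve_page(base_dir, requested):
    """Return the file to include for `requested`, or None if it must be refused."""
    # Refuse anything carrying a URL scheme (the remote inclusion case).
    if urlparse(requested).scheme:
        return None
    base = Path(base_dir).resolve()
    candidate = (base / requested).resolve()
    # Refuse paths that land outside base once ".." and symlinks are
    # resolved (the local inclusion case, including absolute paths).
    if base not in candidate.parents:
        return None
    if candidate.suffix != ALLOWED_SUFFIX or not candidate.is_file():
        return None
    return candidate


def demo():
    """Run the guard over constructed requests against a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        pages = Path(root) / "pages"
        pages.mkdir()
        (pages / "statement.html").write_text("<p>statement</p>")
        # A file with an allowed suffix that sits outside the pages directory.
        (Path(root) / "config.html").write_text("db_password=placeholder")
        requests = [
            "statement.html",
            "../config.html",
            "http://files.example/page.html",
            "/etc/hosts",
            "missing.html",
        ]
        return {r: resolve_page(pages, r) is not None for r in requests}


if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{request!r:40} -> {'include' if allowed else 'refuse'}")
```

Only `statement.html` is accepted; `../config.html` is refused even though it exists and has the allowed suffix, because the containment check runs on the resolved path.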

Cybercriminals can use various methods to attack web server applications. Here are five common methods they employ:

1. Injection attacks: Cybercriminals exploit vulnerabilities in web applications by injecting malicious code or commands. This includes SQL injection, where attackers manipulate SQL queries to gain unauthorized access to databases, and cross-site scripting (XSS), where they inject malicious scripts into web pages viewed by users.

In the case study, cybercriminals may use injection attacks to gain access to banking systems by manipulating inputs in internet and mobile banking platforms.

2. Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks: These attacks aim to overwhelm a web server or network with a flood of traffic, rendering it inaccessible to legitimate users. Attackers often use botnets, networks of compromised computers, to carry out DDoS attacks.

If South African banks do not have proper security measures in place, cybercriminals might launch DoS or DDoS attacks, causing disruption to online banking services.

3. Cross-Site Scripting (XSS): As mentioned earlier, XSS attacks involve injecting malicious code into web pages, targeting users who view those pages. This code can steal sensitive information, such as login credentials or financial details, from unaware users.

In the case study, cybercriminals could use XSS attacks to trick users into revealing their banking information on fake pages or via phishing emails.

4. Remote File Inclusion (RFI) and Local File Inclusion (LFI) attacks: These attacks exploit vulnerabilities in web applications to include malicious files from an attacker-controlled server. RFI allows attackers to execute arbitrary code on the server, while LFI enables them to access sensitive files on the server.

By exploiting RFI or LFI vulnerabilities, cybercriminals can gain unauthorized access to confidential data stored on web servers, including customer information or banking records.

5. Brute Force attacks: In this method, attackers systematically attempt to guess usernames and passwords to gain unauthorized access to web applications. They use automated tools that can try thousands or even millions of combinations in a short period.

If proper security measures, such as strong password policies and account lockouts after multiple failed login attempts, are not in place, cybercriminals may succeed in brute force attacks to compromise web server applications.

In summary, these are five common methods cybercriminals can use to attack web server applications: injection attacks, DoS/DDoS attacks, XSS attacks, RFI and LFI attacks, and brute force attacks.
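The brute force item in the answer above names account lockout after multiple failed login attempts as a countermeasure. The following is an added sketch of that control, not part of the original answer; the `LoginGuard` class, the threshold of 5 failures and the 15-minute lockout are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5        # assumed policy: lock after 5 consecutive failures
LOCKOUT_SECONDS = 900   # assumed policy: 15-minute lockout


class LoginGuard:
    def __init__(self):
        self.users = {}          # username -> (salt, derived key)
        self.failures = {}       # username -> consecutive failure count
        self.locked_until = {}   # username -> timestamp when the lock ends

    @staticmethod
    def _derive(password, salt):
        # Slow, salted derivation so stored values are costly to guess offline.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, self._derive(password, salt))

    def login(self, username, password, now):
        """Return 'ok', 'denied' or 'locked' for one attempt at time `now` (seconds)."""
        if now < self.locked_until.get(username, 0):
            return "locked"  # refused without evaluating the password at all
        # Unknown usernames get a dummy record so they cost the same work
        # and are counted the same way as real accounts.
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if hmac.compare_digest(self._derive(password, salt), stored):
            self.failures.pop(username, None)  # success resets the counter
            return "ok"
        count = self.failures.get(username, 0) + 1
        self.failures[username] = count
        if count >= MAX_FAILURES:
            self.locked_until[username] = now + LOCKOUT_SECONDS
            self.failures.pop(username, None)
        return "denied"


if __name__ == "__main__":
    guard = LoginGuard()
    guard.register("thandi", "correct horse")  # constructed sample account
    for t in range(5):
        print(t, guard.login("thandi", f"guess{t}", now=t))
    print(5, guard.login("thandi", "correct horse", now=5))
    print(904, guard.login("thandi", "correct horse", now=904))
```

During the lockout window even the correct password is refused, which is what removes the benefit of high-volume automated guessing against a single account.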