DESPITE the adoption of the Cybercrimes Act in 2023, South Africa still has significant gaps in its capabilities as cyber attacks on institutions, including government entities, start to become a frequent occurrence, with the South African Weather Service (SAWS) the latest target.
The SAWS Information and Communication Technology (ICT) systems went down on January 26 following a security breach by criminals.
Aspects of critical services including aviation and marine were all interrupted. The SAWS email system and website, which is the hub of critical weather information, were also affected.
The attack was the second in the space of two days after an initial attempt had failed.
SAWS’ chief executive Ishaam Abader said they were still working to recover their systems.
“We are still in the early stages of recovery. It took other organisations that fell victim to this kind of crime anything from weeks to months or more to recover fully. We hope to be back on our feet sooner,” Abader said.
Last year, the National Health Laboratory Service (NHLS) had to rebuild and restore some of its critical information technology infrastructure and systems affected by a cyber attack. The Companies and Intellectual Property Commission (CIPC) was also hacked.
In 2023, the Western Cape Provincial Parliament (WCPP) suffered a data breach.
SAWS spokesperson Oupa Segalwe said an investigation by their cyber security service provider found that the RansomHub group was responsible for the data breach.
“It appears they gained entry into the SAWS’ network through a phishing email. RansomHub’s modus operandi involves the encryption of a victim’s systems. During encryption, the victim loses all access to their systems. The group then proceeds to demand a ransom in exchange for decryption, failing which the group would publish the victim’s confidential information on the dark web. Thus far, no specific amount has been demanded as a ransom. To the SAWS’ knowledge, none of its information has yet been published on the dark web.
“SAWS’ Internet services were initially restricted to contain the spread of the ransomware, the firewall was systematically locked down to minimise external connections to untrusted or high-risk destinations, the firewall was also patched, the latest and more modern antivirus – with extended detection and response – was installed in all devices, patch fixes to operational servers were applied, zero-trust permissions on the internet breakout were applied and the network was segregated where new servers were being built,” he explained.
According to Segalwe, ICT experts working on the restoration of the compromised ICT systems on Friday got the SAWS aviation website back online for the first time since the attack.
“This has enabled the aviation industry to access limited, but critical services, including products such as the international significant weather charts, wind charts, domestic and international flight documentation, research products and RADAR images via the website.”
Segalwe said a criminal case was under investigation.
Police did not respond to requests for comment by deadline.
Cape Times