South African Railways Lost Over $1M in Phishing Scam

  /     /     /  
Publicated : 23/11/2024   Category : security


South African Railways Lost Over $1M in Phishing Scam


Just over half of the stolen funds have been recovered.



South Africas railway agency lost some 30.6 million rand (US$1.6 million) after the transport network fell victim to a phishing scam.
In its
annual report
, the Passenger Rail Agency of South Africa (PRASA) said that it had recovered just over half of a the total money stolen by the criminals behind the attack.
The theft remains the subject of an ongoing investigation.
PRASA experienced a Cyber Security Attack - Phishing where the loss exposure was R30,568,830,00, the transport agency said in its report. A criminal case was opened and an amount of R15,721,813.00 was successfully recovered. PRASA is still in the process of recovering the remaining balance. The matter is still under police investigation.”
Details about the attack were not disclosed, and the agency did not respond to requests for comment from Dark Reading.
James McQuiggan, security awareness advocate at KnowBe4, believes that, based on the railways report, the attack may be the work of an employee who created ghost accounts of employees to embezzle the money.
Whether intentional or unintentional, insider threats pose a significant risk to organizations, affecting the integrity, confidentiality, and availability of their data, personnel, and facilities, he says.
Email interception fraud, meanwhile, is on the rise in South Africa, according to a
study
by management service firm Aon: About one in five companies (22%) surveyed reported such an incident in the last five years.
Digital banking fraud in the region is increasing, with a
30% increase in digital banking fraud cases
compared with 2022, according to South African Banking Risk Information Centre (SABRIC).
Exploiting human susceptibility to phishing scams is a factor in many security breaches in the region.
Social engineering, and particularly phishing, remain a big issue for many organizations across Africa, says Javvad Malik, lead security awareness advocate at KnowBe4. According to our 2023
Phishing by Industry benchmarking report
, on average, across all sizes of organizations about a third (32.8%) of African employees are prone to fall for a phishing attack when they havent had any security awareness training.”
McQuiggan recommends that businesses focus on defining, detecting, assessing, and managing insider threats, which involves recognizing concerning behavior, assessing possible insider threats, and implementing risk mitigation program, to avoid being a similar victim.
Organizations must understand that insider threats can manifest in various ways, including violence, espionage, sabotage, theft, and cyber acts, McQuiggan says. By acknowledging and addressing insider threats, organizations can demonstrate care for their employees and safeguard their resources and mission.
Railway networks and transport systems face a multitude of cyber threats
that threaten both their operational integrity and data security.
“Ransomware, distributed denial-of-service (DDoS), and data-related threats are the main attacks targeting the railway sector, Trend Micro technical director Bharat Mistry says.
“Ransomware has been steadily increasing in the transport sector targeting railway IT systems, including those behind passenger operations ticket systems, mobile phone apps, and passenger information systems, causing disruption by making these services unavailable, he adds.
The gradual adoption of use of Internet of Things (IoT) devices in rail system networks also introduces vulnerabilities that could be exploited by attackers to gain unauthorized access or manipulate data. In response to the challenge, railway operators have forged partnerships with technology specialists in order to bolster their cybersecurity resilience.
For example,
Saudi Railway Company (SAR) recently announced a partnership with sirar by stc
to build comprehensive cybersecurity services to safeguard the rail network.

Last News

▸ Feds probe cyber breaches at JPMorgan, other banks. ◂
Discovered: 23/12/2024
Category: security

▸ Security Problem Growing for Dairy Queen, UPS & Retailers, Back off ◂
Discovered: 23/12/2024
Category: security

▸ Veritabile Defecte de Proiectare a Securitatii in Software -> Top 10 Software Security Design Flaws ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
South African Railways Lost Over $1M in Phishing Scam