South African Railways Lost Over $1M in Phishing Scam
South Africa’s railway agency lost some 30.6 million rand (US$1.6 million) after the transport network fell victim to a phishing scam.
In its annual report, the Passenger Rail Agency of South Africa (PRASA) said that it had recovered just over half of the total money stolen by the criminals behind the attack.
The theft remains the subject of an ongoing investigation.
“PRASA experienced a Cyber Security Attack – Phishing where the loss exposure was R30,568,830,00,” the transport agency said in its report. “A criminal case was opened and an amount of R15,721,813.00 was successfully recovered. PRASA is still in the process of recovering the remaining balance. The matter is still under police investigation.”
Ghost Email Accounts
Details about the attack were not disclosed, and the agency did not respond to requests for comment from Dark Reading.
James McQuiggan, security awareness advocate at KnowBe4, believes that, based on the railway’s report, the attack may be the work of an employee who created ghost accounts of employees to embezzle the money.
“Whether intentional or unintentional, insider threats pose a significant risk to organizations, affecting the integrity, confidentiality, and availability of their data, personnel, and facilities,” he says.
Email interception fraud, meanwhile, is on the rise in South Africa, according to a study by management service firm Aon: About one in five companies (22%) surveyed reported such an incident in the last five years.
Digital banking fraud in the region is increasing, with a 30% increase in cases compared with 2022, according to the South African Banking Risk Information Centre (SABRIC).
Exploiting human susceptibility to phishing scams is a factor in many security breaches in the region.
“Social engineering, and particularly phishing, remain a big issue for many organizations across Africa,” says Javvad Malik, lead security awareness advocate at KnowBe4. “According to our 2023 Phishing by Industry benchmarking report, on average, across all sizes of organizations about a third (32.8%) of African employees are prone to fall for a phishing attack when they haven’t had any security awareness training.”
To avoid becoming a similar victim, McQuiggan recommends that businesses focus on defining, detecting, assessing, and managing insider threats, which involves recognizing concerning behavior, assessing possible insider threats, and implementing a risk mitigation program.
“Organizations must understand that insider threats can manifest in various ways, including violence, espionage, sabotage, theft, and cyber acts,” McQuiggan says. “By acknowledging and addressing insider threats, organizations can demonstrate care for their employees and safeguard their resources and mission.”
Mind the Security Gap
Railway networks and transport systems face a multitude of cyber threats that endanger both their operational integrity and data security.
“Ransomware, distributed denial-of-service (DDoS), and data-related threats are the main attacks targeting the railway sector,” Trend Micro technical director Bharat Mistry says.
“Ransomware has been steadily increasing in the transport sector targeting railway IT systems, including those behind passenger operations ticket systems, mobile phone apps, and passenger information systems, causing disruption by making these services unavailable,” he adds.
The gradual adoption of Internet of Things (IoT) devices in rail system networks also introduces vulnerabilities that could be exploited by attackers to gain unauthorized access or manipulate data. In response to the challenge, railway operators have forged partnerships with technology specialists in order to bolster their cybersecurity resilience.
For example, Saudi Railway Company (SAR) recently announced a partnership with sirar by stc to build “comprehensive cybersecurity services” to safeguard the rail network.