The South African Rail Agency lost around R30.6 million ($1.6 million) after the transport network fell victim to a phishing scam.
In his annual reportthe Passenger Rail Agency of South Africa (PRASA) said it had recovered just over half of the total money stolen by the criminals behind the attack.
The theft remains the subject of an ongoing investigation.
“PRASA suffered a Cyber Security Attack – Phishing where the loss exposure was R30,568,830.00,” the transport agency said in its report. “A criminal case has been opened and an amount of R15,721,813.00 has been successfully recovered. PRASA is still in the process of recovering the remaining balance. The matter is still under investigation by the police.”
Ghost email account
Details about the attack were not disclosed and the agency did not respond to Dark Reading’s requests for comment.
James McQuiggan, security awareness advocate at KnowBe4, believes that, based on the railroad’s report, the attack could be the work of an employee who created ghost employee accounts to siphon money.
“Whether intentional or not, insider threats pose a significant risk to organizations, impacting the integrity, confidentiality and availability of their data, personnel and facilities,” he says.
Email interception-related fraud, meanwhile, is on the rise in South Africa, according to a study from management services firm Aon: Around one in five (22%) companies surveyed have reported such an incident in the past five years.
Digital banking fraud in the region is on the rise, with a 30% increase in digital banking fraud cases compared to 2022, according to the South African Banking Risk Information Center (SABRIC).
Exploiting human susceptibility to phishing scams is a factor in many security breaches in the region.
“Social engineering, and particularly phishing, remains a major problem for many organizations across Africa,” says Javvad Malik, lead security awareness advocate at KnowBe4. “According to our 2023 Phishing benchmarking report by industryon average, across organizations of all sizes, around a third (32.8%) of African employees are prone to falling victim to a phishing attack if they have not received any security awareness training.”
McQuiggan recommends that companies focus on defining, detecting, evaluating, and managing insider threats, which involves recognizing related behavior, evaluating possible insider threats, and implementing a risk mitigation program, to avoid being a similar victim.
“Organizations need to understand that insider threats can manifest themselves in a variety of ways, including violence, espionage, sabotage, theft and cyber acts,” says McQuiggan. “By recognizing and addressing insider threats, organizations can demonstrate care for their employees and safeguard their assets and mission.”
Beware the security gap
Rail networks and transportation systems are facing a multitude of cyber threats that threaten both their operational integrity and data security.
“Ransomware, DDoS (Distributed Denial of Service) and data threats are the main attacks targeting the rail industry,” says Bharat Mistry, chief technology officer at Trend Micro.
“Ransomware is steadily increasing in the transportation sector, targeting rail IT systems, including those behind ticketing systems for passenger operations, mobile phone apps and passenger information systems, causing disruptions by rendering these services unavailable. available,” he adds.
The gradual adoption of the use of Internet of Things (IoT) devices in rail system networks also introduces vulnerabilities that could be exploited by attackers to gain unauthorized access or manipulate data. In response to the challenge, rail operators have partnered with technology specialists to strengthen their cybersecurity resilience.
For example, Saudi Railway Company (SAR) recently announced a partnership with Sirar by stc build “comprehensive cybersecurity services” to safeguard the rail network.