The brutal war in Yemen may appear like any traditional regional conflict with guns on the ground, but it is also one being fought as a very modern way using cyberwar and drone attacks.
The conflict between the Iran-backed Houthis rebels and a Saudi Arabia-led coalition involving the US, UK, and France has raged since 2015, killing an estimated 91,600 people, displacing over 2 million people and rendering about 24 million people, or 80% of the population, in need of humanitarian assistance.
Like all wars in Africa or the Middle East, the conflict itself is brutally old-fashioned, fought with guns, mortars and tanks.
However, in two ways it is a very modern war. In September, Houthi drone strikes on two state-owned Saudi Aramco oil processing facilities in eastern Saudi Arabia refocused the world’s eye on the Yemen conflict, especially because they threatened 10% of the world’s oil supply.
But it’s the cyberwarfare that is a key part of this current war, where the Houthi rebels took control of the country’s internet service provider (ISP), Yemen Net when they took over the capital in 2015.
The internet is now “another front,” said Allan Liska, threat intelligence analyst at RecordedFuture. “Seizing control of the internet assets lends a legitimacy to the Houthi forces that otherwise wouldn’t be there. They’re still not internationally recognised, but within country, they have that legitimacy.”
But it’s not just in an active conflict like Yemen, cybercrime is growing in Africa.
“Cybercrime today knows no borders, and its technical capabilities are improving fast,” says Riaan Badenhorst, general manager of security firm Kaspersky in Africa.
“Cybercrime in Africa is increasing at an exponential rate,” adds Nozipho Mngomezulu, a specialist telecoms and internet partner at law firm Webber Wentzel.
In 2017, Nigeria was the hardest hit by cyber-attacks with losses of $649-million, followed by Kenya with $210-million and Tanzania with $99-million, she adds, quoting IT firm Serianu’s 2017 cyber security report.
More than 95% of public and private organisations across the continent spent less than $1,500 a year on cybersecurity measures, with SMEs in particular failing to invest, according to the report.
She also notes that the Institute for Security Studies found South Africa is the target of 13,842 cyber-attacks daily.
“Cybercriminals currently see Africa as a safe haven where they can conduct their operations without the fear of being held accountable for their actions,” she told Africa In Check. “This is due firstly to the fact that cybercriminals view Africans as easy targets that can be easily manipulated and secondly, to the fact that most African countries are yet to catch up with the rest of the world insofar as cybersecurity is concerned.”
Several African countries have effectively shut down their internet during times of crisis – including Zimbabwe and Chad – making it possible for repressive regimes to keep citizens from protesting, literally by cutting off their means to communicate.
The most frequent targets are Facebook, WhatsApp and Twitter, which are ways of spreading information outside of state-owned media. WhatsApp, the messaging service owned by Facebook with over a billion users, has been “turned off” in the past year in several countries. It is also unfortunately the biggest way disinformation is spread.
In September Google’s security team revealed that Apple phones had been hacked, seemingly by the Chinese, to spy on the oppressed Uyghur Muslims in that country.
Not long afterwards WhatsApp sued Israeli security firm NSO Group for attacks on about 100 users, mostly human rights activists, lawyers, and journalists.
Yemen has also seen a spike in malicious software, known as malware, although the intentions of those cybercriminals can’t be discerned for either espionage or criminal purposes. But “the intent for criminals to take advantage of people in a warzone, as well as nation-states to do espionage … is there,” said Winnona DeSombre, a threat intelligence researcher at Recorded Future.
One fearsome form of cybercrime that has more criminal intent is ransomware, although it has mostly seemingly been for financial gain. In August, Johannesburg’s City Power utility was hacked with ransomware while the City of Johannesburg itself was hit in October.
A 2016 report from the African Union Commission and Symantec analysed cyber security trends and the response of governments found that of the continent’s 54 countries, 30 countries lacked specific legal provisions to combat cybercrime, says Mngomezulu. The 2017 WannaCry ransomware attacks – which targeted several African countries including South Africa, Nigeria, Angola, Egypt, Mozambique, Tanzania, Niger, Morocco and Tunisia – is testament to this report’s findings. “In the same year, cybercrime cost Africa an estimated total of $3.5 billion, as a result of ‘weak infrastructure security, lack of skilled human capital and a lack of awareness of the sector’s dynamics’,” she says, quoting figures from the Policy Center for the New South.
Indeed, adds, Arthur Goldstuck, the managing director of South African-based researchers World Wide Worx: “There is little sense of a cohesive strategy to fend off cyber-attacks, little knowledge sharing, and certainly no cyber defence capacity as part of national defences”.
Kaspersky’s Badenhorst says “The threat of ransomware remains as powerful as ever and as we continue to see this threat evolve in sophistication and cause havoc across the globe”. Commenting on the Johannesburg cases specifically, he says attacks on urban infrastructure are “often worryingly successful, with far-reaching impact on essential systems and processes, affecting not just the authority itself but local businesses and citizens”.
Kaspersky’s detection data shows that larger organisations, such as city authorities and enterprises, are the fastest-growing target. Attacks on employees of these organisations surged 17.9% in the 12 months to May 2019.
Read More: A cyberattack could wreak destruction comparable to a nuclear weapon
“Phishing and malware continue to be relentless threats, leveraged by cybercriminals,” warns IBM’s Sheldon Hand, the business unit leader of IBM Security. Increasingly organisations are understanding the need to routinely educate employees, while “unpatched vulnerabilities will continue to be exploited by attackers”.
Meanwhile, Kaspersky monitored 194,803 ransomware attacks in South Africa alone in 2018. That was a 64% increase over 2017, the Russian firm says.
Most African countries are “one ransomware attack away” from waking up to the need for defensive capabilities against these attacks, says Goldstuck. “The most commonly used tactic is praying nothing happens. However, prayer does not have a great track record in cybersecurity.”
IBM’s Hand adds that this year “many organisations across all industries faced unmanageable levels of cyber threats brought on by the changing threat landscape, the risk of exposure, and an ever-growing attack surface”.
Retailers – particularly those with a growing online presence – continue to be vulnerable, while the finance and insurance industry is the most targeted, he says.
Transportation services – which include airline, bus, rail, and water transportation services – are an increasingly targeted sector. “We expect the transportation sector to continue rising as an attractive target for malicious actors, because of the industry’s reliance on information technology to facilitate operations, its ubiquitous need for integration of third-party vendors, and its vast supply chain,” says Hand.
Mngomezulu warns that, at a continental level, “the lack of political urgency in enacting adequate cybersecurity legislation is particularly worrying”. Given how cybercrime and cyberwarfare is growing, we all should be worried.