
F5 Labs was honored to host two Howard University undergraduate students, Malaya Moon and Akosua Wordie, as part of a Summer Security Practicum program. The two students assisted F5 Labs staff with analyzing and classifying web sensor data, and they dived deep into attacks against South Africa from the first half of 2021. In doing so, Moon and Wordie learned about web application attacks, global scanning trends, and data analysis using Python, R, and other tools. What follows is the report on their findings. Wordie and Moon chose to focus on South Africa because they were interested in how attack traffic differs between regions, especially within the Europe, Middle East, and Africa (EMEA) region, and specifically South Africa.

Cyberattack Highlights from South Africa

F5 Labs, in collaboration with Effluxio, researches global attack traffic to gain a better understanding of the cyberthreat landscape. In this regional threat analysis, F5 Labs researchers broke down the data collected by sensors on attacks targeting South Africa from January 1 through June 30, 2021.

Cyberattacks happen in many forms, but they usually start with a scan. This report presents an analysis of logs of web requests sent to unadvertised bait web servers (the sensors). The originating source address of an attack does not necessarily indicate malicious intent on the part of the source country or organization: the source address may be a compromised system at that location being used as a proxy by an unknown attacker somewhere else. F5 Labs noted the following about cyberattacks against South Africa:

  • The United States was the top source country for cyberattacks against users in South Africa, followed closely by China.
  • Internet hosting provider Serverius Holding B.V. (AS50673) was the source of the most attacks seen per ISP, with over 3,000 requests.
  • Scans for PHP vulnerabilities were the most frequent, but many other scans for vulnerabilities were also detected.

Attack Traffic Details

Analysis of the traffic yielded significant insights into the source and intended services that malicious actors wanted to abuse. This section covers the top categories, including traffic source countries, organizations, services, and IP addresses.

Top Source Traffic Countries

Analyzing the geographical sources of the IP addresses, malicious requests came from the following countries, in order: the United States, China, Germany, Estonia, Russia, the U.K., Singapore, France, South Africa, and the Netherlands (see Figure 1).
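The aggregation behind tables like the ones in this section (requests ranked by source country, by source ASN, and by request category such as PHP vulnerability scans) can be reproduced with a few lines of Python. The block below is an added example, not F5 Labs or Effluxio code: the log line format is hypothetical, and the IP addresses, ASNs, countries and paths are constructed sample data drawn from the RFC 5737 and RFC 5398 documentation ranges, not observations from the sensors.

```python
"""Rank constructed web-sensor log lines by source country, source ASN and
request category. Added example; the log format and all data are constructed."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sensor log lines in a hypothetical format:
# timestamp, source IP, source country, source ASN, request line.
# IPs are from the RFC 5737 documentation ranges; ASNs from the RFC 5398 range.
SAMPLE_LOG = """\
2021-03-02T10:14:05Z 203.0.113.10 US AS64500 "GET /phpmyadmin/index.php HTTP/1.1"
2021-03-02T10:14:09Z 203.0.113.11 US AS64500 "GET /wp-login.php HTTP/1.1"
2021-03-02T10:15:31Z 203.0.113.12 US AS64500 "GET /.env HTTP/1.1"
2021-03-02T11:02:44Z 192.0.2.25 US AS64503 "GET / HTTP/1.1"
2021-03-03T04:40:12Z 198.51.100.7 CN AS64501 "GET /index.php?lang=en HTTP/1.1"
2021-03-03T04:40:13Z 198.51.100.7 CN AS64501 "GET /phpinfo.php HTTP/1.1"
2021-03-03T04:41:00Z 198.51.100.8 CN AS64501 "GET /.git/config HTTP/1.1"
2021-03-04T18:20:07Z 192.0.2.77 DE AS64502 "GET /admin/ HTTP/1.1"
2021-03-04T18:20:08Z 192.0.2.77 DE AS64502 "POST /xmlrpc.php HTTP/1.0"
2021-03-05T09:00:00Z 203.0.113.200 ZA AS64504 "GET /robots.txt HTTP/1.1"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) (?P<country>[A-Z]{2}) (?P<asn>AS\d+) '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"$'
)


@dataclass(frozen=True)
class Request:
    ip: str
    country: str
    asn: str
    method: str
    path: str


def parse_log(text):
    """Parse log lines into Request records, silently skipping malformed lines."""
    requests = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        requests.append(Request(m["ip"], m["country"], m["asn"], m["method"], m["path"]))
    return requests


def classify_request(path):
    """Coarse category for a requested path: the report's 'PHP vulnerability
    scan' bucket, a bucket for dot-file probes (/.env, /.git/config), and other."""
    clean = path.split("?", 1)[0].lower()          # drop the query string
    segments = [s for s in clean.split("/") if s]
    if clean.endswith(".php") or "phpmyadmin" in segments:
        return "php_scan"
    if any(s.startswith(".") for s in segments):
        return "config_probe"
    return "other"


def top_counts(requests, field, n=5):
    """Rank requests by one field ('country', 'asn' or 'ip'), most frequent first."""
    return Counter(getattr(r, field) for r in requests).most_common(n)


def category_counts(requests):
    """Number of requests per classify_request() category."""
    return Counter(classify_request(r.path) for r in requests)


if __name__ == "__main__":
    reqs = parse_log(SAMPLE_LOG)
    print("Top source countries:", top_counts(reqs, "country"))
    print("Top source ASNs:     ", top_counts(reqs, "asn"))
    print("Request categories:  ", dict(category_counts(reqs)))
```

On the constructed sample this ranks the United States first and China second by request count, and PHP-related paths as the largest category, mirroring the shape (not the numbers) of the findings above. With real sensor data the country and ASN would normally be looked up from the source IP with a GeoIP or whois database rather than carried in the log line, and the classification rules would be far richer than the two buckets shown here.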