The Passenger Rail Agency of South Africa (PRASA) reported a loss of 30.6 million rand (US$1.6 million) after falling victim to a phishing scam, according to the annual report. Although only over half of the stolen money has been recovered so far, the matter is still under investigation by the authorities, and the agency is working to recover the remaining balance.
The attack, which took place through a phishing email, remains a subject of ongoing investigation as the agency works to rectify the situation. However, details about the attack are still undisclosed, and the agency has yet to comment on the matter.
Many believe that the attack may be the work of an employee who created ghost accounts to embezzle the money. James McQuiggan, a security awareness advocate at KnowBe4, stated that insider threats pose a significant risk to organizations, affecting the integrity, confidentiality, and availability of their data, personnel, and facilities. He suggested that businesses focus on defining, detecting, assessing, and managing insider threats to avoid being victims of similar scams in the future.
In South Africa, email interception fraud is on the rise, with about 22% of companies surveyed reporting such an incident in the last five years. Additionally, digital banking fraud has seen a 30% increase in cases compared to the previous year, according to the South African Banking Risk Information Centre (SABRIC). Exploiting human susceptibility to phishing scams is a factor in many security breaches in the region.
Javvad Malik, lead security awareness advocate at KnowBe4, stated that social engineering and phishing remain significant issues for many organizations across Africa. According to their 2023 Phishing by Industry benchmarking report, on average, about a third (32.8%) of African employees are prone to falling for a phishing attack when they haven’t had any security awareness training.
To address insider threats, organizations are urged to recognize concerning behavior, assess possible insider threats, and implement risk mitigation programs. McQuiggan emphasized that by acknowledging and addressing insider threats, organizations can demonstrate care for their employees and safeguard their resources and mission.
The railway sector faces a multitude of cyber threats that threaten both operational integrity and data security. Ransomware, distributed denial-of-service (DDoS), and data-related threats are the main attacks targeting the railway sector, according to Trend Micro technical director Bharat Mistry. The gradual adoption of Internet of Things (IoT) devices in rail system networks introduces vulnerabilities that could be exploited by attackers, which has prompted railway operators to forge partnerships with technology specialists in order to bolster their cybersecurity resilience.
In response to the challenge, railway operators have partnered with technology specialists to enhance their cybersecurity capabilities. For example, Saudi Railway Company (SAR) recently announced a partnership with sirar by stc to build “comprehensive cybersecurity services” to safeguard the rail network.
In conclusion, the PRASA’s loss due to a phishing scam highlights the growing threat of cyberattacks in the region, particularly within the railway and transportation sectors. As the investigation continues, organizations are advised to prioritize security awareness and risk mitigation programs to protect against insider threats and phishing attacks. Additionally, continued partnerships with technology specialists will be crucial in building a comprehensive cybersecurity infrastructure to safeguard critical transportation networks.