Page 15 - EngineerIT Nov-Dec 2025

CYBERSECURITY


“Cybercriminals know economic stress pushes users to look for free software,” he said. “They hide InfoStealers in fake installers. The software often still works – that’s the point.”

Why South Africa continues to attract attackers
Yamout outlined several connected factors that place the country high on attackers’ lists.

Digitisation without equal investment
“There’s strong momentum behind digitisation,” he said. “But if you go online faster than you secure yourself, you create gaps. Many small and medium businesses prioritise getting online, not getting secure.”

Budget pressure
“In difficult economic periods, cybersecurity budgets are often the first to be cut. Criminals read the same news we do. They know when defences are weak.”

A large and valuable attack surface
South Africa has one of the most digitised economies on the continent, with a dense enterprise sector and a large base of connected consumers.

Cybercrime has become an industry
Modern ransomware groups operate more like businesses than underground outfits. “Ransomware-as-a-service is an ecosystem,” Yamout explained. “Some groups supply infrastructure, others supply malware. Some even offer support for victims who are negotiating. These groups have managers and cash-out operators. It’s structured.”

This structure makes them resilient. When large groups are taken down, smaller operators move quickly to fill the gap.

How AI changes attacker behaviour
Artificial intelligence hasn’t reinvented malware, but it has reshaped the workflow behind attacks. “AI hasn’t changed what malware is,” Yamout said. “But it has made operations more efficient.”

The biggest shifts include:
•  more convincing phishing themes
•  tailored lures aligned with real-world events
•  automated scanning of stolen data to pinpoint sensitive material

“Instead of general threats, ransomware groups can now identify exactly which files matter to a victim. AI helps them find pressure points,” he said.

The human layer remains the weak point
For all the technology involved, phishing still depends on a human decision.

“The domain check is important, but it’s not enough,” Yamout said. “If you’re not expecting a message, verify it with the sender using another communication channel.”

Attackers often compromise legitimate email accounts, which makes superficial checks unreliable.

“It’s a scoring system,” he said. “Check the domain, check the context and verify when in doubt.”

Are Macs safer?
Only in volume, not in risk
Many users assume macOS devices are immune.

“Macs are less targeted, but not fully secure,” Yamout said. “Attackers go where the scale is. Windows still has the majority share, but there are macOS attempts too.”

In short: fewer attacks, not 100% safe devices.

Where defenders still gain ground
Kaspersky collaborates with INTERPOL, AFRIPOL and Europol on disruption operations. These interventions have real impact.

A coordinated operation against the Grandoreiro banking trojan led to a measurable drop in detections.

“After the operation, detections dropped by around 98 percent,” Yamout said.

“The action worked.” But the broader ecosystem remains active.

“Ransomware groups earned over $1 billion in 2023. Even when big groups are disrupted, new ones emerge because the market is lucrative,” he said.

What SA organisations can take from this
Yamout summarised it clearly. “You don’t need to fear a thousand compromised devices if you understand your defences and understand your adversary,” he said.

South Africa’s digital acceleration offers genuine opportunities, but the security environment demands planning, not reaction. Attackers are organised, informed and well-resourced. Defenders need the same clarity and consistency to keep pace.


