Tip of iceberg for Transnet woes as hackers paralyse SA harbours

Following a cyberattack on Transnet, the DA’s shadow minister of public enterprises, Ghaleb Cachalia, has warned that the country could face a nationwide shutdown of its IT infrastructure. According to MyBroadband, Transnet employees were ordered to shut down all laptops and electronic equipment connected to the company’s domain, and were also instructed not to access emails on smartphones. Transnet has since called a force majeure, with Cachalia noting that this confirms “that this was an industrial scale breach meant to cause maximum damage.” Cachalia’s concern stems from the fact that Transnet’s IT systems are connected to both SARS and Customs, “and the cumulative effect has the potential to paralyse economic activity.” However, MyBroadband notes that an eNCA journalist, in a report, said that the attack appears to be a “standard ransomware attack”, as seen in the United States. Bloomberg has since reported that Transnet appears to have been attacked by criminal gangs in Eastern Europe and Russia. The hackers allegedly left a ransom note “claiming they encrypted the company’s files, including a terabyte of personal data, financial reports and other documents. The note instructed the firm to visit a chat portal on the dark web to enter negotiations,” says Bloomberg. – Jarryd Neves

South Africa faces national shutdown of IT infrastructure, warns DA

By MyBroadband

DA shadow minister of public enterprises Ghaleb Cachalia has warned that South Africa could face a national shutdown of its Information Technology (IT) infrastructure following the Transnet hack.

Last week, Transnet suffered a cyberattack which caused disruptions to its IT applications and brought some of its operations to a halt.

Transnet employees were asked to shut down their laptops, desktops, and tablets connected to the company’s domain following the attack.

Transnet also warned employees not to access emails on their smartphones until further notice.

Transnet Port Terminals (TPT) declared a force majeure this week because of what it described as a “cyber-attack, security intrusion and sabotage” on Transnet.

“Investigators are currently determining the exact source of the cause of compromise and extent of the ICT data security breach/sabotage,” TPT said.

Cachalia said Transnet’s declaration of force majeure across all its container terminals confirmed that this was an industrial scale breach meant to cause maximum damage.

He warned that the damage has the potential to spill over into other key areas.

“Transnet’s IT systems are interconnected with SARS and Customs, and the cumulative effect has the potential to paralyse economic activity,” Cachalia said.

The DA has asked Transnet for information about the extent and effect of the cyberattack and what it is doing to mitigate its effects but has not received feedback yet.

“A failure to isolate the origin of the cyberattack creates a host of imponderables, most notably, the extent to which the perpetrators are prepared to go,” said Cachalia.

“Now that they have successfully crippled our ports, there is no telling which vital national function they will attack next.”

He also complained about a lack of feedback about the attack from the Minister of Public Enterprises, Pravin Gordhan.

“The Cabinet’s dysfunctionality is evidenced by the responsible ministers’ inability to comment or act in the face of an attack on the country’s economic and logistical spine,” said Cachalia.

He said it is becoming increasingly clear that the crippling cyberattack on Transnet’s IT infrastructure was an act of sabotage potentially carried out by the perpetrators of the insurrection.

“The cyberattack is consistent with the insurrection’s modus operandi which targeted transport and logistics infrastructure,” he said.

The insurrectionists first targeted Durban’s major transport artery, the N3. Their intention was to disrupt supply chains, cause food shortages, and whip up public anger.

They then turned their attention to the business sector by sponsoring the industrial scale rioting and looting in Gauteng and KwaZulu-Natal.

“They forced Transnet to declare a force majeure on the Natcor rail line that connects Gauteng and KwaZulu-Natal,” Cachalia said.

It’s clear that after failing to achieve their objectives through these two acts of sabotage, the next logical step would be to cripple the Transnet port system.

“Law enforcement agencies and prosecuting authorities should not waste their time looking for cyber terrorists outside our borders. They are in the country, and they may have been the architects of the failed insurrection,” Cachalia said.

Based on a report by eNCA journalist Sli Masikane, the attack on Transnet appears to be a standard ransomware attack such as those that have shut down a major pipeline in the United States and healthcare infrastructure in Ireland.

The ransomware note Masikane posted on Twitter is consistent with a note linked to a newer ransomware variant first disclosed by CrowdStrike in June.

MyBroadband tried to contact Transnet for details about the cyberattack, but we could not reach the company.
