South Africa's Information Regulator Serves Justice Department a Warning; I&M Bank Rwanda Loses $13 Million to Fraudsters

and more infosec stories from across Africa

CybAfriqué is a weekly newsletter covering news and analysis on cyber, data, and information security on the African continent.

South Africa's Information Regulator Serves Justice Department a Warning

On May 9, 2023, South Africa's data and information regulator served an “enforcement notice” to the Department of Justice and Constitutional Development for flouting the Protection of Personal Information Act. In October 2021, the department of Justice suffered a data breach that led to the exfiltration of at least 1,200 files containing personal and banking information belonging to ordinary people.

The regulator, in its press release, said investigations it carried out since 2021 showed severe gaps in the justice department’s security infrastructure, and a tardiness that led to the breach. It also said the department lacked various important security licenses. South Africa’s information Regulator is asking the Justice Department to fix these security issues or face a R10 million ($514,000) fine or imprisonment of responsible officials.

I&M Bank Rwanda Loses $13 Million to Fraudsters

Threat actors hacked and carted away with roughly $13 million from the Rwandan division of the I&M Bank, a large banking group with divisions across East Africa. The incident, according to reports, was carried out in December 2022 and early January 2023, but was only revealed by the bank in its 2022 report released after its fiscal year was done, earlier this month.

According to Business Insider, “The Rwandan division has been I&M's most successful company outside of Kenya, serving more than 65,000 clients through around 18 locations, 33 ATMs, and more than 400 personnel.”

In Mid-December, last year, the South African Reserve Bank was also attacked but the bank said the hackers were not able to steal anything.

Big Picture Stuff

Earlier this month, Ivorians were protesting internet subscription rates in the country, highlighting a bigger issue: Sub-Saharan Africa’s internet is overpriced. Read Le Monde’s article here.

This hacker breaks down devastating vulnerabilities in the Nigerian banking tech infrastructure. Some of these vulnerabilities are pretty bad that i have argued in private rooms that the hacker his exaggerating, but my argument was rebutted by cybersec and cloud specialists who sent proofs that some of the flaws he listed were in fact true,

I wrote about the socioeconomic drivers of cybercrime in Africa, and why the fight against cybercrime needs to be aware of that.

Headlines

• U.S. Army Cyber Command supports first workshop with Kenya Defense Forces. - U.S. Army.

• Nigerians could be paying up to ₦100,000 ($217) to the Country’s Advertising Regulator in order to get approval for their social media ads. - Techpoint Africa.

• Meta is being ordered to pay the content moderators at Sama their April salary. - TechCrunch.

• Nigerian extradited from the UK sentenced for cyber crimes in the US. - FIJ.

• EFCC arraigns man for alleged $5 million cybersecurity fraud. - Punch Nigeria.

• Ghana is warning its citizens against phishing scams..

• Khazna Data Centers plans to enter Egypt with Benya Group.

• Financial institutions in Africa say cybercrime is a bigger risk than political instability. - TechCabal

• Facebook is Tanzania’s most used social media, says the Tanzania Communications Regulation Authority. - Dailynews Tanzania.

• Kenya’s data protection bureau is conducting a countrywide awareness campaign. - Regtech Africa.

• The Republic of Guinea is holding a workshop to improve its State Information Systems Security Policy, - Cybersecurity Magazine Africa.

Chart of the Week

Source: Africa Center for Strategic Studies

Quote of the Week

“African cybercriminals are making an investment in the tools that they are using. They are procuring publicly available malware, whether they be information stealers or banking Trojans, and leveraging these with the expectation that this investment will lead to significant financial gains.”

- Ashraf Koheil, Group-IB’s Regional Sales Director, META.

Across the World

• Disinformation and its effects on social capital networks.

• EU draft legislation will ban AI for mass biometric surveillance and predictive policing.

• Your Ad data is now powering government surveillance.

• The team of sleuths quietly hunting cyberattack-for-hire services

Post Notes

Remember to share this issue and see you next week.