Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News
      How the Post Office plans to rise from the dead - Fathima Gany

      How the Post Office plans to rise from the dead

      17 July 2026
      iOCO snaps up ERP firm as acquisition machine cranks up - Rhys Summerton

      iOCO snaps up ERP firm as acquisition machine cranks up

      17 July 2026
      Meta AI will now tell parents if their teen is in crisis

      Meta AI will now tell parents if their teen is in crisis

      17 July 2026
      Tap to pay is finally coming to the Post Office

      Tap to pay is finally coming to the Post Office

      17 July 2026
      Xi pitches China as the world's AI liberator - Chinese President Xi Jinping waves as he arrives at the opening ceremony of the World AI Conference in Shanghai. Ng Han Guan/Reuters

      Xi pitches China as the world’s AI liberator

      17 July 2026
    • World
      Swingeing jobs cuts at Microsoft's Xbox unit

      Swingeing jobs cuts at Microsoft’s Xbox unit

      6 July 2026

      SK Hynix ends Samsung’s 26-year reign at the top

      22 June 2026
      Google on the hook for what its AI tells users, court rules

      Google on the hook for what its AI tells users, court rules

      15 June 2026
      How Russians juggle VPNs to outwit the Kremlin

      How Russians juggle VPNs to outwit the Kremlin

      15 June 2026
      Amazon CEO flagged Anthropic AI risks to Washington - Andy Jassy

      Amazon CEO flagged Anthropic AI risks to Washington

      14 June 2026
    • In-depth
      AI boom sparks rally, frenzy and fear

      AI boom sparks rally, frenzy and fear

      11 June 2026
      Every plug-in hybrid on sale in South Africa, ranked by price - Lamborghini Temerario

      Every plug-in hybrid on sale in South Africa, ranked by price

      7 June 2026
      What Wi-Fi 8 will mean for wireless networks

      What Wi-Fi 8 will mean for wireless networks

      1 June 2026
      Alfa's electric rebel - Alfa Romeo Junior Elettrica Veloce

      Alfa’s electric rebel

      29 April 2026
      Africa switches on as Europe dims the lights

      Africa switches on as Europe dims the lights

      9 April 2026
    • TCS
      Watts & Wheels S1E7: 'Ferrari's EV breaks the internet'

      Watts & Wheels S1E7: ‘Ferrari’s EV breaks the internet’

      8 July 2026
      TCS+ | How Tracker is turning vehicle data into business strategy - Silvia Schollenberger

      TCS+ | How Tracker is turning vehicle data into business strategy

      1 July 2026
      TCS+ | IBM Bob: an AI-powered 'development partner' for the enterprise - David Spurway

      TCS+ | IBM Bob: an AI-powered development partner for the enterprise

      30 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E6: ‘A flawless Alfa and a bakkie that divides’

      17 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E5: ‘A Bentley of the bush and a car that swims’

      8 June 2026
    • Opinion
      The author, Fanie van Rooyen

      South Africa can still catch the AI wave – here’s how

      7 July 2026
      The author, Fanie van Rooyen

      The AI utopia South Africa can’t afford

      1 July 2026
      Selling vapour is corporate suicide in slow motion - Jannie van Zyl

      South Africa’s broadband future is being decided in orbit, not in Pretoria

      30 June 2026
      The author, Pambos Soteriades

      The pivot South Africa’s MVNOs cannot afford to miss

      23 June 2026
      Brazil's online gambling crackdown is a lesson for South Africa

      Brazil’s online gambling crackdown is a lesson for South Africa

      22 June 2026
    • Company Hubs
      • 1Stream
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • Ascent Technology
      • AvertITD
      • BBD
      • Braintree
      • CallMiner
      • CambriLearn
      • CM Telecom
      • Contactable
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • HOSTAFRICA
      • Incredible Business
      • iONLINE
      • IQbusiness
      • Iris Network Systems
      • Kaspersky
      • LSD Open
      • Mitel
      • NEC XON
      • Netstar
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Telviva
      • Tenable
      • Vertiv
      • Videri Digital
      • Vodacom Business
      • Wipro
      • Workday
      • XLink
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Financial services
      • HealthTech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Policy and regulation
      • Public sector
      • Retail and e-commerce
      • Satellite communications
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
      • Watts & Wheels
    • Events
    • Advertise
    TechCentralTechCentral
    Home » In-depth » A peek inside the cybercriminal’s toolkit

    A peek inside the cybercriminal’s toolkit

    By Sunil Gopal4 May 2015
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp
    Sergey Lovhkin
    Sergey Lozhkin

    In the cyber-espionage thriller Blackhat (2015), Chris Hemsworth plays a computer hacker who is freed from prison to trace a blackhat hacker — someone who breaches computer security with either malicious intent or for personal gain. As often happens, the lines between the real world and the movie world are becoming blurred.

    Indeed, if drive-by downloads, ransomware, distributed denial of service (DDOS) attacks, spear phishing, botnets and advanced persistent threats (APTs) sound like they’re from the trailer of the next Mission: Impossible movie, you could be right.

    According to Sergey Lozhkin, senior researcher at Russian information security firm Kaspersky Lab, today’s James Bond is more likely to be sitting at a keyboard plotting his next move than engaging in furious gun battles across the globe.

    “A small piece of code is way more dangerous than any damage that Bond could do,” Lozhkin says. Today, cyber espionage is the name of the game and it’s usually carried out through advanced persistent threats, continuous and covert hacking processes targeting specific entities using multiple malware tools.

    APTs have increased exponentially in number in the past five years, with a number of high-profile cases that have left governments, corporations and individuals red-faced — and out of pocket. The Carbanak APT attack earlier this year left banks across the world US$1bn poorer. The sophisticated malware used, along with the time, effort and resources ploughed into the project, mean it was more than likely sponsored by a rogue government agency, according to Kaspersky Lab.

    State-sponsored attacks tend to target specific users, as opposed to the mass-distributed e-mails favoured by cybercriminals. State attackers also develop their own malware with specific goals in mind, while ordinary cybercriminals generally attempt to extract specific valuable information such as credit card numbers and passwords en masse.

    Nation-state attackers often try and extract as much information as possible from their targets with the intention of going through it with a fine-tooth comb later.

    Amin Hasbini
    Amin Hasbini

    The Desert Falcons APT was the first known attack by an Arab group. Kaspersky researcher Amin Hasbini says the company was able to determine that Desert Falcons started work as far back as 2011.

    “They were quite well organised, consisting of 20 to 30 people working in three groups and from three locations. Each group had different targets, with some targeting mobile users, and others corporate and government users,” he says.

    The Desert Falcons APT targeted government, religious, aerospace and military institutions, health organisations, those involved in combating money laundering, media groups, academics, and energy and other utilities.

    Hackers were able to infiltrate users in Palestine, Egypt, Israel and elsewhere. They planted a “digital bug” that looked for special intelligence information on systems using Windows and Android and recorded audio as well as looked for SMS and call logs, along with geolocation information.

    No one is safe from APT attacks, not even the president of the US, says Kaspersky. In 2014, the CozyDuke APT targeted the White House and the US department of state. Attackers were reportedly able to read President Barack Obama’s e-mails.

    Those behind APT attacks tend to seek innovations and blueprints, business plans and budgets from companies, as well as military, space and other information that can be used to create the same products as competitors.

    They also look for digital certificates, which are used to sign malware created by them, and create virtual credentials and physical access codes. Scientific research results, which show the different projects that governments are engaged in are also a common target.

    Spear phishing
    Another popular method of gaining access to systems is through the use of spear-phishing e-mails. Cybercriminals use social engineering techniques to compel users to respond, with e-mails purporting to be from a tax agency (the South African Revenue Service, for example), a regulator or some other government agency, usually by threatening action against them.

    The missing flight MH370 saw cybercriminals taking advantage, with e-mails requesting “assistance” and “information” sent to various government and emergency organisations. Those keen to provide assistance downloaded malware in attachments without realising it was an attack vector. As a result, relief organisations were compromised.

    Zero-day exploits are also common. Here, attackers take advantage of a vulnerability in an application or operating system, one which developers have not had time to address and patch.

    One way criminals strike is by sending an e-mail alerting users to fix the problem. Other times, they take direct advantage of the vulnerability, hacking into systems.

    A recent example is a vulnerability in the WordPress content management system that allows hackers to hijack websites through a comment that contains malicious JavaScript.

    Alexander Lebedev
    Alexander Lebedev

    Distributed denial of service (DDOS) attacks are also commonplace. Here, a banking server, for example, that would usually handle 100 requests per second would suddenly receive a million requests, causing the system to malfunction.

    This is known as a volumetric attack, where a huge amount of requests are sent.

    Application-level attacks also disorientate the system. “Instead of just saying ‘hi’, it would also shake hands and give a hug all at the same time,” says Alexander Lebedev, head of product intelligence at Kaspersky. This would require more resources and could force a system to shut down. Such shutdowns result in reputational damage to an organisation as well as damage to clients who are unable to pay bills.

    There are various online tools — Nemesys and Hulk are two — that can be downloaded to launch a DDOS attacks. According to Lebedev, DDOS attacks very often involve the use of “botnets”, or groups of infected machines that are controlled by one person.

    Lebedev says that the underground in which cybercriminals operate uses bitcoins to sell and share services, or even rent a botnet for a criminal network. The price to rent a botnet controlling a thousand devices is just $50/day, according to Kaspersky.

    In an operation with Interpol, the company helped take down the Simda botnet, which had been running since 2009 and which controlled 770 000 devices. The botnet was used to launch attacks on news and media organisations around the world. Lebedev says the average cost to a small business from a botnet attack is $52 000.

    Ransomware
    So-called “ransomware” is another growing problem.

    Five years ago, it mostly involved computer users receiving a message from someone who had compromised their machine and locked it down and demanding a fee to unlock it. IT specialists were nevertheless able to unlock these computers, albeit with some effort.

    Today, says Lozhkin, the situation is very different. “Hackers have developed cryptors that fully encrypt all your data on your hard drive. The IT guys cannot help anymore,” he says.

    The only way to decrypt this data is to pay cybercriminals to obtain a unique key.

    Lozhkin says the most vulnerable targets are small businesses and government organisations that don’t have permanent or fully protected IT systems.

    Users are typically asked to pay the ransom in bitcoins — to avoid detection — and are even directed to websites where they can change money to bitcoins.

    Ransomware offers a huge pay-off. “Malware for ransomware is sold for $5 000. You can go to a botnet owner and gain access to thousands of computers for a minimal price. Income may be up to $25 000/day,” says Lozhkin. Also, cybercriminals do not do everything manually, but have created fully automated systems that decrypt test files and monitor payment. They even use social networks such as Twitter to show clients evidence of decrypted computers once users have paid.

    Is anyone safe?
    So, is anyone safe? A popular method of gaining access to users’ computers is by giving out USB sticks or even computer mouses that are able to infect computers once connected. And who has said no to one of those? Most people plug them in without giving it a second’s thought.

    Nevertheless, cyber security is a shared responsibility, says Kaspersky. Governments need to act to protect citizens’ information and vital infrastructure and companies need to protect clients and employees.

    But Kaspersky says the biggest weakness remains the one between the chair and the keyboard. Hackers take advantage of the human factor in developing social engineering methods to gain access to IT systems.

    So, think before you click. Or you might end up in some nasty horror story not thought up in Hollywood.

    • The writer travelled to a Kaspersky Lab conference in Lisbon, Portugal as a guest of the company
    Follow TechCentral on Google News Add TechCentral as your preferred source on Google


    Alexander Lebedev Amin Hasbini Kaspersky Kaspersky Lab Sergey Lozhkin
    WhatsApp YouTube
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleDo you trust online reviews?
    Next Article Inside Telkom’s colossal IT overhaul

    Related Posts

    Finding focus: a strategic approach to cybersecurity for SMBs - Kaspersky

    Finding focus: a strategic approach to cybersecurity for SMBs

    6 July 2026
    Kaspersky's blueprint for industrial cyber resilience

    Kaspersky’s blueprint for industrial cyber resilience

    25 June 2026
    The new reality of enterprise security: scaling resilience amid complexity - Kaspersky

    The new reality of enterprise security: scaling resilience amid complexity

    17 June 2026
    Company News
    Paratus again voted Namibia's most reliable internet provider

    Paratus again voted Namibia’s most reliable internet provider

    17 July 2026
    Core opens Microsoft Surface reseller programme to South African SMEs - John Press

    Core opens Microsoft Surface reseller programme to South African SMEs

    17 July 2026
    The economy the statistics miss is thriving on Spondo Street - Lesaka Technologies Lincoln Mali

    The economy the statistics miss is thriving on Spondo Street

    16 July 2026
    Opinion
    The author, Fanie van Rooyen

    South Africa can still catch the AI wave – here’s how

    7 July 2026
    The author, Fanie van Rooyen

    The AI utopia South Africa can’t afford

    1 July 2026
    Selling vapour is corporate suicide in slow motion - Jannie van Zyl

    South Africa’s broadband future is being decided in orbit, not in Pretoria

    30 June 2026

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Latest Posts
    How the Post Office plans to rise from the dead - Fathima Gany

    How the Post Office plans to rise from the dead

    17 July 2026
    iOCO snaps up ERP firm as acquisition machine cranks up - Rhys Summerton

    iOCO snaps up ERP firm as acquisition machine cranks up

    17 July 2026
    Meta AI will now tell parents if their teen is in crisis

    Meta AI will now tell parents if their teen is in crisis

    17 July 2026
    Tap to pay is finally coming to the Post Office

    Tap to pay is finally coming to the Post Office

    17 July 2026
    © 2009 - 2026 NewsCentral Media
    Built and maintained by Chronon
    • Cookie policy (ZA)
    • TechCentral – privacy and Popia

    Type above and press Enter to search. Press Esc to cancel.

    Manage consent

    TechCentral uses cookies to enhance its offerings. Consenting to these technologies allows us to serve you better. Not consenting or withdrawing consent may adversely affect certain features and functions of the website.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}