Department of Labour denies server compromise in recent cyberattack
The government department says the attack did not expose any sensitive or confidential information.
The South African Department of Labour has confirmed a recent cyberattack which disrupted the government agency’s website.
In a statement, the Department of Labour said that a distributed denial-of-service (DDoS) attack was launched against the organization’s front-facing servers over the weekend.
According to the department’s acting chief information officer Xola Monakali, the “attempt was through the external Domain Name Server (DNS) server which is sitting at the State Information Technology Agency,” and “no internal servers, systems, or client information were compromised, as they are separated with the relevant protection in place.”
The government agency has asked external cybersecurity experts to assist in the investigation.
DDoS attacks are often launched through botnets, networks of compromised devices, ranging from standard PCs to IoT devices, that are commanded to flood a domain with traffic requests.
With the rapid adoption of IoT and connected devices, including mobile products, routers, smart lighting and more, botnets have become more powerful.
Unfortunately, many of our IoT products lag behind in security, and the use of lax or default credentials, open ports, and unpatched firmware has led to botnets that automatically scan for vulnerable devices online and add them to the slave pool with no one the wiser.
In July, a threat actor was able to create an 18,000-device-strong botnet in only 24 hours. The botnet scanned the Internet for connected devices left unpatched against Huawei router vulnerability CVE-2017-17215.
It is not known who is behind the DDoS attack against the government agency. However, News24 reports that hacker “Paladin” may be responsible.
The individual reportedly tipped off reporters that the attack was taking place as a test for a “full-scale attack” due to take place in the future against another government website.
Paladin is also believed to be responsible for DDoS attacks launched against SA Express, the country’s Presidency domain, and the Department of Environmental Affairs.