Paula Luckhoff | 24 July 2025 | 19:54

National Treasury affected by malware attack after hack of Microsoft server software

Treasury said it asked Microsoft for assistance identifying and addressing any potential vulnerabilities in its systems.

MyBroadband editor Jan Vermeulen joins Stephen Grootes on The Money Show.

The latest cyberattack, which has affected organisations around the world, has reached South Africa's National Treasury.

In a statement, Treasury said it identified malware on its Infrastructure Reporting Model website, its online infrastructure reporting and monitoring system, on Tuesday afternoon.

In response, it isolated the IRM servers 'to assess the magnitude of the compromise and to ensure the security of its systems'.

In view of reports about hackers targeting Microsoft's server software, Treasury also requested assistance from the tech company in identifying and addressing any potential vulnerabilities.

'Despite these events, NT's systems and websites continue to operate normally without any disruption', the statement went on.

MyBroadband's Jan Vermeulen says this has been another reminder that despite your best efforts to mitigate against cyberattacks, there are sometimes things completely outside your control.

He explains what transpires in the case of what's called a zero-day type of vulnerability, which is what seems to have happened here.

"This means that Microsoft had zero days to solve the problem or alert clients. They found out about it when they saw it being actively exploited 'in the wild' and then quickly moved to alert customers, which started around Saturday. By Sunday they had some basic fixes up and then started issuing patches for the software."
Jan Vermeulen, Editor - MyBroadband
"By then, however, the threat actor or actors had already gained footholds on a lot of the servers that were running the vulnerable software and could come back and gain entry via the malware they'd installed to allow them to gain access initially."
Jan Vermeulen, Editor - MyBroadband
