ADEYEMI ADEPETUN, in this report, writes that collaboration is required to stem the rising influence of hackers.
With the hybrid workplace becoming the new norm as a result of the COVID-19 pandemic, attempts and spates of attacks on individuals and corporate bodies by hackers have been on the rise.
Cyber thieves, a band of premeditated and dangerous criminals, are unleashing a reign of terror of unimaginable proportions on individuals, underscoring the need for decisive measures to stem the tide.
This challenge cuts across the continents as attacks are being launched from every part of the globe, including Nigeria.
In these attacks, billions of dollars are stolen from gullible and unsecured platforms and individuals. Cyber security experts believe that financial damages and losses will reach $6 trillion by the end of this year. Some of these unleashed attacks come in the form of malware such as Trojans, Trojan-Downloaders; and Trojan-Droppers. Others include flubot and ransomware.
Cyber security firm, Kaspersky recently disclosed that out of the more than 206,000 mobile malware attacks it blocked for the Middle East, Turkey and Africa (META) region in just six months measured between January to June 2021, over 30 000 of these attacks combined originated from Nigeria (14, 071), Kenya (10, 697), and South Africa (5,499).
Nigerians also attack
For the African countries monitored, Nigeria only trails Egypt (19,466) by the number of attacks blocked, pointing to how prevalent mobile threats have become in the highly connected country.
In fact, Kaspersky’s latest research showed that when looking at the top 10 countries by share of users attacked by mobile malware Nigeria places eighth (at 11.76 per cent). Even though Kenya and South Africa might not feature prominently, the mobile malware threat is still a concern, along with the shift to more target-based attacks these countries are seeing.
The top three most prevalent malware behaviours that Kaspersky has seen in Kenya and Nigeria are Trojans, Trojan-Downloaders; and Trojan-Droppers. In South Africa, these are Trojans, Trojan-Proxy; and Trojan-Downloaders.
A Trojan is a type of malware that is often disguised as legitimate software, which attackers can use to try and gain access to user systems. As the name suggests, Trojan-Downloaders download and install new versions of malicious programmes, including Trojans and Adware on victims’ computers.
Meanwhile, Trojan-Droppers usually save a range of files containing malicious programmes to the victim’s drive. Once installed, a Trojan-Proxy allows an attacker to use the infected device as a proxy to connect to the Internet.
Enterprise Sales Manager at Kaspersky in Africa, Bethwel Opil, said: “mobile malware remains a significant threat for corporate and personal users across Africa. These attacks are usually very diverse with hackers leveraging a range of methodologies and technologies to compromise victims’ devices.
Last week, the Nigerian Communications Commission (NCC) alerted Nigerians to the existence of new, high-risk and extremely damaging malware called Flubot.
NCC said from the information received on October 21, 2021, from the Nigeria Computer Emergency Response Team (ngCERT), Flubot “targets Androids with fake security updates and App installations”.
The ngCERT affirmed that Flubot “impersonates Android mobile banking applications to draw fake web view on targeted applications” and its goal transcends stealing personal data and essentially targets stealing of credit card details or online banking credentials.
NCC, in a statement signed by the Director of Public Affairs, Dr. Ike Adinde, explained that FluBot is circulated through Short Message Service (SMS) and can snoop “on incoming notifications, initiate calls, read or write SMSes, and transmit the victim’s contact list to its control centre.”
This malware attacks Android devices by pretending to be “FedEx, DHL, Correos, and Chrome applications” and compels unsuspecting users to alter the accessibility configurations on their devices in order to maintain continuous presence on devices.
The new malware undermines the security of devices by copying fake login screens of prominent banks, and the moment the users enter their login details on the fake pages, their data are harvested and transmitted to the malware operators’ control point from where the data are exploited by intercepting banking-related One Time Passwords (OTPs) and replacing the default SMS app on the targeted Android device.
Consequently, it secures admittance into the device through SMS and proceeds to transmit similar messages to other contacts that may be on the device it has attacked, enticing them into downloading the fake app.
It suffices to say that, when Flubot infects a device, it can result in incalculable financial losses. Additionally, the malware creates a backdoor which grants access to the user’s device, thus enabling the invader or attacker to perform other criminal actions, including launching other variants of malware.
In view of this discovery and understanding of the process by which this malware operates, and it is important to protect millions of telecoms consumers and prevent criminal forces, irrespective of location, from using telecoms platforms to perpetrate fraud and irredeemable damages.
Chairman, Mobile Software Solution and a cyber solutions expert, Chris Uwaje, warned that cyber criminals may attack victims simply because they are on the Internet; or because they have information of value; or because of the value of their intellectual property [IP].
Uwaje added that to overcome cyber-attacks, the banks would need to strengthen their cyber resilience through implementation of process-oriented good practices, technology and standards, and engagement of right skills and competencies.
Speaking in Lagos at a cyber security conference, the President, Cyber Security Experts Association of Nigeria (CSEAN), Remi Afon, disclosed that experts estimate that a ransomware attack will occur every 11 seconds in 2021. Ransomware damages are envisaged to cost the world $20 billion this year according to Cybersecurity Ventures.
Afon said with the pandemic ravaging global economy, adoption of remote working, reliance on IT, recent acceleration in ransomware attacks; it becomes important to understand the role of cyber security in digital transformation.
With rapid technological advances and digital transformation, Afon said it is no surprise that the potential for cyberattacks and data breaches remain a top concern in today’s digital landscape.
Regional Director, Africa at Check Point, Rick Rogers, said; “The sheer economy of scale offered by mobile devices is incredibly appealing to cyber criminals. They are using every available opportunity to attack individuals and organisations through their mobile devices, including Apps, particularly because these devices are so popular, and people usually do not take as strict precautions when it comes to securing them as they would with their laptops for example.”
Seeing that Africa was increasingly under threat from cyber criminals, the need for local businesses to partner with security specialists that can help them remain one step ahead of the game is essential, Rogers advised.
Kaspersky cautioned that users should not trust SMS. It explained that mobile malware uses text messages, so users should never respond to requests for credit card details or other private information. It stressed that users should check their browser for the lock symbol. The lock icon in the address bar indicates that the sight is secure when entering personal data.
On its part, NCC backed Kaspersky on the need for users not to open suspicious text messages. It added that they should not install any app or security update the page asks one to install.
The Commission advised users to use updated antivirus software that detects and prevents malware infections; apply critical patches to the system and application; use strong passwords and enable Two-Factor Authentication (2FA) over logins. Back-up your data regularly.
NCC said users have been affected by this campaign, “you should reset your device to factory mode as soon as possible. This will delete any data on your phone, including personal data.
“Do not restore from backups created after installing the app. You may contact ngCERT on *firstname.lastname@example.org* for technical assistance.
“You will also need to change the passwords to all of your online accounts, with urgency, around your online bank accounts.
“If you have concerns that your accounts may have been accessed by unauthorised people, contact your bank immediately.”