January 15, 2020

CYBERSECURITY: Why Nigeria faces unprecedented cyber-attacks in 2020

Social media used to incite violence during #EndSARS protests — NSA

By Prince Osuagwu, Hi-Tech Editor

Emerging technologies, such as the Internet of Things IoT, Cloud Technology, and Smart Phones are having a great impact on our daily lives. They are equally offering new vulnerabilities for cybercriminals to exploit.

$11m Cyber Fraud: Court Forfeits Invictus Obi’s N280m

At the end of 2018, the number of devices connected to the internet worldwide, reached 22 billion. In September 2019, an internationally coordinated law enforcement operations spanning the United States, United Kingdom, Nigeria, Kenya, Ghana, France, Italy, Japan, Turkey, and Malaysia resulted in 281 global arrests of cybercriminals of which 167 were Nigerians.  Approximately 3.7 million USD was seized, and the disruption of approximately 118 million USD in fraudulent wire transfers was achieved.

This year, millions of devices will be connected to the internet in Nigeria. According to the Nigerian Communications Commission, NCC, as of October 2019, the total number of active telephone subscribers in Nigeria was approximately 180 million while the number of active internet subscribers  approximated 123.5 million.

However, irrespective of how impressive these figures appear, the down side to it is that every device connected to the internet presents a new target for attackers and each new social media post creates new risks for social engineering.

It means that even this year, cybersecurity will continue to gain traction globally and should be at the top of the mind of the Nigerians, top executives of organisations and government.

Latest research from Strategy Analytics, predicts that 38.6 billion devices will be connected by 2025, and 50 billion by 2030.

These projections are expected to change the cybersecurity threat landscape. Moreover, being the beginning of a new decade, countries of the world, particularly the emerging economies like Nigeria could face a combination of old and new cyber threats this year.

Already, a not for profit group of professionals in the field of Information Security in Nigeria and diaspora, Cyber Security Experts Association of Nigeria, CSEAN has warned that Nigeria should expect an increase in targeted cyberattacks that will affect individuals, Internet Service Providers, ISPs, Government Ministries, Department and Agencies, MDAs, Telecommunication companies and banks.

The attacks the Nigerian business community should watch out for, according to the group include; Business Email Compromise, BEC, Social Engineering attacks like Phishing Campaign, Ransomware, Supply chain attacks, Insider threats, and attack on free public Wi-fi.

It warned that attacks such as wire fraud vis-à-vis BEC, identity theft, romance scams, fraudulent-check scams, gold-buying scams, advance-fee scams, and credit card scams, will originate from Nigeria cybercrime gangs with their international collaborators in 2020.

President of the group, Mr Remi Afon said: “ As we are receiving various cybersecurity predictions across the world, CSEAN is taking a deep dive into threats Nigeria is expected to face, taking into consideration recent trends and inputs from industry experts.

“Top on the list of cybersecurity threats to watch out for in 2020 is the Phishing Campaigns, the Business Email Compromise, BEC and other targeted email attacks. While phishing has been around for a long time, it continues to be a very successful method of attack for hackers. “According to the latest Anti Phishing Working Group (APWG) report, the number of phishing attacks rose in the third quarter of 2019 to a high level not seen since late 2016. Also, BEC attacks are growing in prevalence and creativity and will continue to top cyberattacks originating from Nigeria for years to come. Nigerian cyber criminals in partnership with their international cohorts now use spoofed email addresses and virtual private networks to anonymise their activities and infiltrate servers and email systems of various companies to identify large financial transactions.

“The hackers then communicate with company employees and business parties via email by impersonating other companies or clients and lure them into transferring large amounts of money to their bank accounts” he added.

He said Ransomware will continue to be on the rise in 2020, because there’s no regulation mandating cyberattack disclosure by organisations in Nigeria. He complained that such non disclosures made it difficult to obtain records of ransomware attacks last year in Nigeria. Recall that in October 2019, the city of Johannesburg municipality in South Africa suffered a ransomware attack, with hackers demanding a ransom of four Bitcoins, which equals about R500,000 or $37,000. At about the same time, Distributed Denial of Service (DDoS) attacks were launched against several large South African banks. The hacker’s objective was the same, Bitcoin ransom demand from the victims.

Twitter admits to using your data for targeting ads

CSEAN says organisations, especially banks in Nigeria should be prepared for a major ransomware attack in 2020 in the league of WannaCry and Petya of 2017.