By Prince Osuagwu, Hi-Tech Editor
A critical look at the trend in Information Technology in Nigeria, particularly on the cybersecurity ecosystem, shows a nation that had to contend with various malicious activities of cybercriminals.
This was also traced to a continuous increase in the adoption of IT tools. For instance, significant growth in the number of mobile (GSM) and Internet subscribers was recorded,. In the same vein, there was increased adoption of cryptocurrencies by Nigerians.
Regrettably, for cybercriminals, non-state actors, those aforementioned milestones presented new opportunities and vectors, in addition to existing ones, to perpetrate malicious activities against individuals, businesses, and governments. In reality, the situation in Nigeria was not different from the rest of the world. Globally, cybersecurity intelligence reports have revealed that cybercriminals, last year, advanced their capabilities and deployed more sophisticated tools and techniques.
One of the main factors that transformed the global digital landscape was the COVID-19 pandemic which led to a rise in the use of digital technologies. Private and public establishments were forced to acquire and deploy technologies that would enable them to work remotely, to reduce the impact of the pandemic on their businesses. Many educational institutions adopted an online form of teaching as a coping mechanism, to forestall disruption in the delivery of educational services to students.
In addition to the economy-crippling COVID-19 pandemic, the dark forces of the online world also leveraged the #EndSARS protests in the country. This led to a rise in hacktivism. While some protesters marched relentlessly on the streets, others took their demonstration to the virtual world. As many government ICT infrastructures were torched in the process, some were virtually hacked.
While these trends present enough experience for both individuals and corporate organisations to prepare against a recurrence in 2021, there are likely going to be an increase of hacktivism this year going by emerging trends.
According to President of Cyber Security Experts Association of Nigeria, CSEAN, Mr. Remi Afon, “we expect that some of the prevalent cyber threats will continue in 2021. This is predicated upon several factors. The COVID-19 pandemic remains unabated. Nigeria is currently experiencing a second wave of the virus. The #EndSARS protests have only subsided; they can erupt again at any time.
Presently, many are disgruntled against the government for targeting some of the protesters and their sponsors. The recent directive by the federal government for SIM cards to be linked to the national identity number (NIN) presents a new platform for cybercriminals to further perpetuate their activities” he added.
He said a knowledge and research team of his association, following current trends compiled some threats that may threaten Nigeria’s economy in 2021 and what the country should do to avert them.
Top Cyber threats include: Email-Based Attacks: These include Business Email Compromise (BEC) and the various categories of advance free fraud attacks. Further, emails are used as a vector by attackers for propagating other scamming, phishing, and malware attacks. We predict that the prevalence of these email-based attacks will continue in 2021. Attackers will attempt to engage COVID-19 and NIN-SIM-registration themes to deceive unsuspecting targets.
Web Application and Services Attacks: These consist of attacks aimed at exploiting the vulnerabilities or weaknesses of web applications and services. Attacks to watch out for include website defacement, public cloud data exposure, and data leaks. The top causes of such attacks will be the exploitation of security gaps in misconfigurations and stolen credentials.
The case of website defacement will be due to the activities of hacktivists in response to the actions and inactions of the government in respect of the #EndSARS protests. More government-related websites and web apps and services, and those of their sympathizers, will be targeted.
Malware: Existing, new variants of existing, and novel malware will be deployed by malicious actors against information systems belonging to individuals, organizations, and government. Mobile malware threats will increase. Ransomware will remain widespread.
Phishing: Phishing attacks will become more targeted. Criminal actors will employ COVID-19- and NIN-SIM-Registration-themed phishing emails by impersonating government, health authorities and SIM registration sites to deceive targets into revealing sensitive information.
Identity Theft: This is the threat of deceptively obtaining or illegally acquiring personal identifiable information to commit fraud. Attackers will rely on phishing and other social engineering attacks, skimming, shoulder surfing, and dumpster diving to acquire sensitive information about their targets.
Fake News and Hate Speech: The intentional and unintentional propagation of fake news and hate speech will increase. While these are not directly cyber threats, they are often propagated via online media such as social media platforms. Senders will prey on the widespread disillusionment among Nigerians due to the unabating COVID-19 pandemic, the unfavorable economic situation being experienced in the country, and prevalent discontentment with the government’s response to the economic challenges.
Children-Targeted Attacks: Due to the lockdown, occasioned by the COVID-19 pandemic, many schools have adopted online teaching. This implies that students are bound to spend more time online, compared to how long they stayed online pre-pandemic. Cybercriminals will seek to exploit this by launching attacks targeted at kids. Attacks to watch out for include cyberstalking, cyber predation, and cyber grooming.
Cryptojacking: More Nigerians are becoming aware and are adopting cryptocurrencies. Consequently, more cryptojackers who engage in the malicious mining of cryptocurrencies using victims’ computers or mobile devices without the knowledge of the victims are predicted to emerge.
Cybercriminal Recruitment: In 2020, many youths were forced to stay at home due to COVID-19 and a prolonged ASUU strike. Considering the 2nd wave of the pandemic and the newly discovered variants of the COVID virus, another stay-at-home order in 2021 looks likely. Moreover, the pandemic has led to job loss for many. These challengers provide exploitable opportunities for cybercriminals to lure idle and jobless youths. So, we expect the recruitment drive by cybercriminal actors to rise in 2021.
The Way Forward
*The publication and implementation of the recently reviewed national cybersecurity policy and strategy documents.
*Efforts should be made by the government and corporate entities to improve the security of their IT assets. Organizations leveraging on IT should update their internal security policies and procedures and adhere to best security practices.
*The President should as a matter of urgency assent to the Data Protection Bill 2019 as passed by the National Assembly in May 2019.
*The government should provide adequate information on COVID-19 and the linking of SIM cards to NIN. Lack of information can easily be exploited by criminal actors to deceive the uninformed. Access to relevant information should be easy and free for citizens.
*Continuous education of citizens on the activities of cybercriminals, using the various media, is crucial.
*Efforts must be made by parents and guardians to ensure the online safety of their children and wards, respectively. It is important for parents and guardians to monitor the activities of and moderate the time spent by their children and wards, respectively, while online.
*Also, on the protection of the kids online, schools should ensure the technologies i.e software and hardware they deployed can effectively support learning without compromising the online security of their students.