By Prince Osuagwu
The year 2021 witnessed massive cyberattacks that affected private organisations, government agencies, individuals, and supply chains globally.
Nigeria had its fair share of cyberattacks and compromise albeit largely underreported. On December 9, an acute Remote Code Execution (RCE) vulnerability was reported in the Apache logging package Log4j 2 versions 2.14.1 that shook the internet. By December 10, more than 3.7 million hacking attempts had been made to exploit the vulnerability, according to leading cybersecurity firm Checkpoint, with more than 46% conducted by known malicious groups.
Meanwhile, President, Cybersecurity Experts Association of Nigeria, CSEAN, Mr Remi Afon has warned that 2022 is expected to witness an escalation in cyberattacks and cybercrime from what was witnessed in 2021.
Afon said that his prediction was based on cybersecurity trends in Nigeria and around the world, coupled with insights from leaders and global experts who assess the evolving cyber environment and the security threats.
He said that existing trends show that there will be a spike in Ransomware and Business Email Compromise (BEC) scams, as well as deep fakes.
He said: “The year 2021 witnessed unprecedented Ransomware attacks with the rise of Ransomware-as-a-Service (RaaS) groups on the Darkweb. The average amount of reported Ransomware transactions per month in 2021 was $102.3 million, according to FinCEN Report.
“Approximately 37% of global organisations said they were victims of some form of a ransomware attack in 2021, according to IDC’s 2021 Ransomware Study. In 2022, the ransomware threat and level of severity of ransomware attacks will grow. “With ransomware becoming the new digital pandemic, we expect to see the highest reported ransom paid by organisations in 2022 and disruption of service with maximum impact in terms of financial loss.
“The loss would not only be calculated based on ransom paid, but in terms of financial losses due to service unavailability, loss of market share, and a drop in stakeholder confidence, amongst other factors.” He also hinted that as the 2023 Nigeria general elections draw nearer, the use of Deepfakes and fake news will rise in 2022. Deepfakes are videos, images, or audio recordings that are manipulated by AI technology.
In a deepfake, an individual can be presented as saying or doing something that didn’t happen. Deepfakes are typically used to slander targets, manipulate events, falsify statements, or evidence, and create scandals. They’re made with artificial intelligence software that maps targeted people’s faces into scenes and onto other people’s bodies, or otherwise manipulate parts of videos.
The Deepfakes threat has also been used to facilitate business email compromise (BEC) fraud. It was also used to bypass Multi-Factor Authentication (MFA) protocols, and Know Your Customer (KYC) ID verification.
Afon said in 2022, it will be increasingly used.
He warned that the growth of cloud adoption through 2022 will coincide with the increase of cloud compromise and abuse.
So, as organisations continue to rely on the cloud and cloud-hosted third-party providers, those third parties face mounting pressure to maintain confidentiality, integrity and availability of customers’ data because Afon predicts that Cloud security misconfiguration and supply chain attacks will rank among the top cyber threats in 2022.
“Towards the end of 2020, there was a devastating SolarWinds breach and in July 2021, the REvil ransomware gang exploited a Zero Day in Kaseya VSA to launch a supply-chain attack on its customers.
Neither of these attacks occurred in isolation. In 2022, we can expect that cybercrime gangs will continue to seek ways to hijack the digital transformation of organisations to deploy malicious code, infiltrate networks and gain persistence in systems all over the world.”’