Latest Headlines
Rising Trends of Cyberattacks in Nigeria
Emma Okonji examines the increasing number of cyber threats across the world, with particular focus on Nigeria, where the challenges of securing a remote workforce and protecting organisations’ data have become more challenging than ever, a development that has been predicted to worsen this year in Nigeria
Many may not know that Nigeria has continued to experience unprecedented cyber-attacks on commercial and individual platforms since 2021. Global cybersecurity and digital privacy company, Kaspersky, reported that Nigeria had 16.7 million cyberattacks in just six months, from January – June 2021, making the country, alongside Ethiopia, the countries with the highest increase of cyber-attacks on the continent compared to the pre-COVID year.
Ahead of 2022, Cybersecurity Experts Association of Nigeria warned that the country would witness an escalation in cyberattacks and cybercrime from what was witnessed in 2021. It also noted that the threat landscape would evolve and expand at a pace in the year ahead.
With the escalation in cyberattacks and cybercrime, the Country Head of HP Nigeria, a technology company, Mr. Emmanuel Asika, said Nigeria should expect to see ransomware gangs continue putting lives at risk, the weaponization of firmware exploits and much more. With this threat landscape, he pointed out key cybersecurity trends that organizations needed to be prepared for in 2022.
According to Asika, a continued commoditization of software supply chain attacks could result in more high-profile victims being targeted.
According to him, “The Kaseya breach – which impacted over 1,500 companies – demonstrated how supply chain attacks can be monetized. As a result, supply chain threats will likely rise over the next year, and we will see the continued commoditization of the tactics, techniques, and procedures (TTPs) used to conduct such attacks.”
He added that those threat actors would search for weak links in software supply chains and target software being used widely. Both Small and Medium Businesses (SMBs) and high-profile victims may be targeted, he said.
“The Kaseya attack should be a wake-up call to all ISVs that even if their customer base doesn’t consist of enterprise and government customers, they can still be caught in the crosshairs of attackers looking to exploit their customers. Now that this blueprint is in place, we could see these types of attack become more widespread in the year ahead,” Asika further said.
Cybersecurity experts have warned that 2022 is expected to witness an escalation in cyberattacks and cybercrime from what was seen in 2021. According to them, trends show that there will be a spike in Ransomware and Business Email Compromise (BEC) scams and deep fakes this year.
Asika agrees, pointing out that ransomware gangs could put lives at risk and engage in ‘pile-ons’.
Cyberattacks in 2022
Given the increasing rate of cybercrime in Nigeria, Asika warned that the rate may likely escalate in the remaining months of 2022. “Ransomware will continue to be a major risk in 2022, with victims potentially being hit more than once. The method will be akin to ‘social media pile-ons’ – once an organization is shown to be ‘soft’ or to have paid a ransom, others will pile on to get their share of the action. In some instances, threat actors will hit a company multiple times – doubling or even tripling extortion rackets. Ransomware operators will almost certainly intensify how they pressure victims into paying ransoms. Beyond data leak websites, attackers will use increasingly varied extortion methods, such as contacting customers and business associates of victim organizations,” Asika warned.
According to him, threat actors could also focus on hitting certain industries with a higher likelihood of payment, for example, healthcare firms and those in energy and resources. He believes thatattackers may well target high-risk devices, such as critical medical support systems and their supporting infrastructure, where the risk of significant harm will be highest, and therefore a payout will come quickly.
Asika further stated that small businesses are usually the most hit in Nigeria, as many of them don’t have the resources to put into cybersecurity, which makes them an easy target for hacking. Others include healthcare, government agencies, financial institutions, energy, and utility companies.
Threat Reports
The recent Check Point Research Threat Intelligence Report for Nigeria revealed that the number of attacks experienced per business each week is 2,308 across all industry sectors collectively. It was also shown in the per-industry analysis that this figure is still higher for firms in the finance and banking sector.
He further predicted that the weaponization of firmware attacks will lower the bar for entry. According to him, firmware provides a fertile opportunity for attackers looking to gain long-term persistence or perform destructive attacks. Regrettably, he noted, firmware security is frequently neglected by organizations, with much lower levels of patching observed.
“In the last year, we have seen attackers performing reconnaissance of firmware configurations, likely as a prelude to exploiting them in future attacks. Previously these types of attacks were only used by Nation-State actors. In the next 12-months, we can expect to see the TTPs for targeting firmware trickle down, opening the door for sophisticated cybercrime groups to weaponize threats and create a blueprint to monetize attacks,” the HP Nigeria boss said.
Asika expressed the belief that the lack of visibility and control over firmware security will exacerbate this issue. He advised that industries such as healthcare, where these attacks could be more probable, should start thinking about the risks posed by low-level malware and exploits.
“This is not welcome for a country like Nigeria, which remains one of the world’s most vulnerable countries to cyber-attacks. Last year, during the ENDSARS protest, several government and corporate websites came down in a series of cyberattacks claimed by the popular hacker group, Anonymous,” Asika said.
Perhaps more worrisome is the opportunity for more attacks on users, especially in this era of hybrid work, as occasioned by the COVID-19 pandemic.
“The shift to hybrid work will continue to create problems for organizational security. The volume of unmanaged and insecure devices has created a wider attack surface. Threat actors could start to target the homes and personal networks of top executives, or even government officials, as these networks are easier to compromise than traditional enterprise environments.
“Phishing will remain an ever-present threat in the era of hybrid work. The line between personal and professional has been blurred, with employees using home devices for work or corporate devices for personal tasks. This will continue, and there will likely be an increase in phishing attacks targeting corporate and personal email accounts, doubling attackers’ chances of a successful attack,” Asika further said.
Implications
He expressed fears that high-profile sporting events would present new opportunities to lure users into clicking on malicious content. For example, he said, an event such as the upcoming FIFA World Cup in Qatar gives threat actors plenty of scope for exploitation. “Such a large event attracts opportunistic attackers, be it a direct attack on organisers, sponsors, participants and fans or as phishing lures for malware and ransomware campaigns targeted at users. Organizations need to educate their workforce on the risks and enforce technical controls to prevent compromise,” he said.
Solution
As a solution, Asika feels that a new approach to security is needed, adding that the rise of hybrid working and continued innovation from threat actors means 2022 has plenty of nasty surprises in store. He therefore said a result, a fresh approach to securing work’s future, would be required.
The HP Country Head urged organisations to deliver protection where it is needed most: the endpoint. “Organizations should embrace a new architectural approach to security that helps to mitigate risk. This involves applying the principles of Zero Trust – least privilege access, isolation, mandatory access control and strong identity management,” he said.
Asika reiterated that this approach requires resilient, self-healing hardware designed to hold its own against attacks and recover quickly when needed while also containing and neutralizing cyber-threats. “For example, disposable virtual machines can be transparently created whenever the user performs a potentially risky activity, like clicking on an email attachment or link. This means any malware lurking inside is rendered harmless and allows organizations to reduce their attack surface drastically,” he said.