For many months last year, Nigeria came under several malware attacks, according to advisories issued by the Nigerian Communications Commission (NCC). Though it was not officially stated if these attacks were successful, some analysts believe massive data might have been leaked and secret expensive ransomware payouts might have taken place.
But it seems the cyber criminals are upping their threat game in a big way this year, if a new advisory by NCC is anything to go by.
Malware is a generic term used to describe a virus or any other software designed specifically to “disrupt, damage, or gain unauthorized access to a computer system.”
According to Verizon’s 2019 Data Breach Report, 28% of data breaches involve malware. This dangerous software threatens every organization and is becoming more common every day.
On Saturday, the NCC alerted members of the public that a cybercrime group had perfected a New Year scheme to deliver ransomware to targeted organisational networks. The new ransomware, according to NCC, was uncovered by Nigeria’s security experts and was categorised by the Nigerian Computer Emergency Response Team (ngCERT) as high-risk and critical. The ngCERT is the national agency established by the Federal Government to manage the risks of cyber threats in Nigeria. It also coordinates incident response and mitigation strategies to proactively prevent cyber-attacks against Nigeria.
According to the ngCERT advisory, the criminal group was said to have been mailing out USB thumb drives to many Nigerian organisations in the hope that recipients will plug them into their PCs and install the ransomware on their networks. While businesses are currently being targeted, criminals could soon begin sending infected USB drives to individuals, NCC said.
Describing how the cybercrime group delivers the ransomware, the ngCERT advisory said the USB drives carry so-called ‘BadUSB’ attacks. BadUSB exploits the USB standard’s versatility: it allows an attacker to reprogram a USB drive to emulate a keyboard and inject keystrokes and commands on a computer. It can then install malware before the operating system boots, or spoof a network card to redirect traffic.
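A defender cannot tell a reprogrammed drive from a genuine one by looking at it, but the operating system records what the device claims to be when it is plugged in. The script below is an added example, not part of the NCC or ngCERT advisories: it parses Linux kernel USB enumeration messages (the sample lines are constructed, with made-up vendor and product IDs) and flags any single device that enumerates both a mass-storage interface and a HID input interface, which is the signature of a “flash drive” that also presents a keyboard.

```python
import re
from collections import defaultdict

# Constructed sample kernel log lines (not a real capture): three devices on
# ports 1-1, 1-2 and 1-3 of the same root hub. Port 1-1 is the suspicious one:
# a device labelled "Flash Drive" also enumerates a HID keyboard interface.
SAMPLE_LOG = """\
usb 1-1: New USB device found, idVendor=1234, idProduct=abcd, bcdDevice= 1.00
usb 1-1: Product: Flash Drive
usb-storage 1-1:1.0: USB Mass Storage device detected
input: Flash Drive as /devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.1/0003:1234:ABCD.0001/input/input7
hid-generic 0003:1234:ABCD.0001: input,hidraw0: USB HID v1.11 Keyboard [Flash Drive] on usb-0000:00:14.0-1/input1
usb 1-2: New USB device found, idVendor=5678, idProduct=0001, bcdDevice=64.00
usb 1-2: Product: Example Keyboard
input: Example Keyboard as /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/0003:5678:0001.0002/input/input8
usb 1-3: New USB device found, idVendor=9abc, idProduct=0002, bcdDevice= 1.00
usb 1-3: Product: Example Drive
usb-storage 1-3:1.0: USB Mass Storage device detected
"""

# The port (e.g. "1-1" or "1-1.2" behind a hub) ties every message to one physical device.
NEW_DEVICE = re.compile(
    r"^usb (?P<port>\d+-[\d.]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
PRODUCT = re.compile(r"^usb (?P<port>\d+-[\d.]+): Product: (?P<name>.+)$")
STORAGE = re.compile(r"^usb-storage (?P<port>\d+-[\d.]+):\d+\.\d+: USB Mass Storage device detected")
HID_INPUT = re.compile(r"^input: .+ as /devices/.+/usb\d+/(?P<port>\d+-[\d.]+)/")


def parse_usb_log(log_text):
    """Group USB enumeration messages by port and record which interface classes each device exposed."""
    devices = defaultdict(lambda: {"ids": None, "product": "", "interfaces": set()})
    for line in log_text.splitlines():
        if m := NEW_DEVICE.match(line):
            devices[m["port"]]["ids"] = (m["vid"], m["pid"])
        elif m := PRODUCT.match(line):
            devices[m["port"]]["product"] = m["name"].strip()
        elif m := STORAGE.match(line):
            devices[m["port"]]["interfaces"].add("storage")
        elif m := HID_INPUT.match(line):
            devices[m["port"]]["interfaces"].add("hid")
    return dict(devices)


def find_badusb_candidates(log_text):
    """Return the ports where one device enumerated both mass storage and a HID input interface."""
    return sorted(
        port for port, info in parse_usb_log(log_text).items()
        if {"storage", "hid"} <= info["interfaces"]
    )


if __name__ == "__main__":
    for port in find_badusb_candidates(SAMPLE_LOG):
        info = parse_usb_log(SAMPLE_LOG)[port]
        print(f"port {port}: '{info['product']}' {info['ids']} exposes {sorted(info['interfaces'])}")
```

On a real host the input would come from `dmesg` or the journal rather than the embedded sample. The heuristic only catches the composite case described in the advisory (a drive that also types); a device that presents nothing but a keyboard slips past it, so it belongs alongside a device allow-list (USBGuard on Linux, or the equivalent endpoint control on Windows) and the organisational rule of never plugging in unsolicited media.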
In late November last year, the commission notified Nigerians of another hacking group orchestrating cyberespionage in the African telecoms space.
An Iranian hacking group known as Lyceum (also known as Hexane, Siamesekitten or Spirlin) has been reported to be targeting telecoms, Internet Service Providers (ISPs) and Ministries of Foreign Affairs (MFA) in Africa with upgraded malware in recent politically motivated cyberespionage attacks.
Early in November, the NCC informed telecom consumers and the general public that a new Android malware had been discovered. The malware, named ‘AbstractEmu’, can gain access to smartphones, take complete control of infected smartphones and silently modify device settings while simultaneously taking steps to evade detection, according to NCC.
In October, NCC alerted millions of Nigerian telecom consumers to the existence of a new, high-risk and extremely damaging malware called FluBot.
According to the information received on October 21, 2021, from the ngCERT, FluBot “targets Androids with fake security updates and App installations”.
The ngCERT affirmed that FluBot “impersonates Android mobile banking applications to draw fake web view on targeted applications”, and that its goal goes beyond stealing personal data: it essentially targets credit card details and online banking credentials.
FluBot is circulated through Short Message Service (SMS) and can snoop “on incoming notifications, initiate calls, read or write SMSes, and transmit the victim’s contact list to its control centre.” The malware attacks Android devices by posing as “FedEx, DHL, Correos, and Chrome applications” and tricks unsuspecting users into changing the accessibility settings on their devices so that it can maintain a persistent presence.
The malware, according to NCC, undermines the security of devices by displaying copies of the login screens of prominent banks; the moment users enter their login details on these fake pages, the data is harvested and transmitted to the malware operators’ control point. From there the data is exploited: the malware intercepts banking-related One Time Passwords (OTPs) and replaces the default SMS app on the targeted Android device. Having gained control of SMS on the infected device, it then sends similar messages to other contacts stored on that device, enticing them into downloading the fake app.
“It suffices to say that, when FluBot infects a device, it can result in incalculable financial losses. Additionally, the malware creates a backdoor which grants access to the user’s device, thus enabling the invader or attacker to perform other criminal actions, including launching other variants of malware,” NCC’s spokesman, Ikechukwu Adinde, said.
How malware spreads
Malware can get onto your computer in a number of different ways. Here are some common examples:
· Downloading free software from the Internet that secretly contains malware
· Downloading legitimate software that’s secretly bundled with malware
· Visiting a website that’s infected with malware
· Clicking a fake error message or pop-up window that starts a malware download
· Opening an email attachment that contains malware
There are a lot of different ways that malware can spread, but that doesn’t mean you’re powerless to stop it. Now that you know what malware is and what it can do, let’s go over some practical steps you can take to protect yourself.
How do you know you have malware?
A device that has been infected often has symptoms such as:
· Unusually slow or frozen system functionality
· Spam and pop-up ads
· Frequent system crashes
· Unknown icons on the desktop
· Redirection from a popular website to an unknown one
· New files or folders created without your permission
Types of Malware
There are several major types of malware to keep an eye out for:
· Adware — Adware automatically delivers advertisements to generate revenue for its creator or a third party. It is often used in conjunction with spyware.
· Backdoor (trapdoor) — A backdoor allows cybercriminals to access a computer without the user’s knowledge. Backdoors are meant for future use and can remain in a system for years without being noticed.
· Rogueware — Rogueware misleads users into believing their device is infected so they will click on a fake warning, which promptly installs malware.
· Ransomware — Ransomware restricts users from accessing a system or its data, and often threatens to publish or delete data, until ransom is paid. Locker ransomware restricts access to the infected device, while crypto ransomware restricts access to stored data and files.
· Spyware — Spyware is designed to gather information about a user or business. Once installed, it can log keystrokes and extract sensitive information. Spyware can also enable hackers to watch and listen through cameras and microphones.
· Trojan horse — A Trojan horse imitates legitimate software to deceive users into installing other malware.
· Virus — The oldest type of malware, viruses alter the way a computer operates. A virus can replicate itself and spread to other devices, but it must be attached to another program or executed by a user action.
· Worm — Worms are the most common type of malware and one of the most dangerous, because they can replicate themselves without being attached to a program or run by a user.
10 security tips for malware prevention
There is no way to prevent every malware attack, but there are reliable ways to detect and block attacks and so protect your systems from being infected by malicious software.
Install anti-virus and anti-spyware software
Anti-virus and anti-spyware programs scan computer files to identify and remove malware. Be sure to:
· Keep your security tools updated.
· Immediately remove detected malware.
· Audit your files for missing data, errors, and unauthorized additions.
Use secure authentication methods
The following best practices help keep accounts safe:
· Require strong passwords with at least eight characters, including an uppercase letter, a lowercase letter, a number and a symbol in each password.
· Enable multi-factor authentication, such as a PIN or security questions in addition to a password.
· Use biometric tools like fingerprints, voiceprints, facial recognition and iris scans.
· Never save passwords on a computer or network. Use a secure password manager if needed.
Use administrator accounts only when absolutely necessary
Malware often has the same privileges as the active user. Non-administrator accounts are usually blocked from accessing the most sensitive parts of a computer or network system. Therefore:
· Avoid using administrative privileges to browse the web or check email.
· Log in as an administrator only to perform administrative tasks, such as to make configuration changes.
· Install software using administrator credentials only after you have validated that the software is legitimate and secure.
Keep software updated
No software package is completely safe against malware. However, software vendors regularly provide patches and updates to close newly discovered vulnerabilities. As a best practice, validate and install all new software patches:
· Regularly update your operating systems, software tools, browsers and plug-ins.
· Implement routine maintenance to ensure all software is current and check for signs of malware in log reports.
Control access to systems
There are multiple ways to regulate your networks to protect against data breaches:
· Install or implement a firewall, intrusion detection system (IDS) and intrusion prevention system (IPS).
· Never use unfamiliar removable drives or media that has been used on a publicly accessible device.
· Close unused ports and disable unused protocols.
· Remove inactive user accounts.
· Carefully read all licensing agreements before installing software.
Adhere to the least-privilege model
Adopt and enforce the principle of least-privilege: Grant users in your organization the minimum access to system capabilities, services and data they need to complete their work.