The world saw an alarming 105 per cent surge in malware cyberattacks last year, and reports say the attacks keep increasing daily. The attacks are designed to cripple people or businesses by making the computer systems unusable until they pay money or “ransom’’. Hackers or cybercriminals also steal vital documents and Personal Information Number (PIN) of individuals and companies via malware attacks.
- I didn’t rape anybody but happy I went to prison — Actor Moses Armstrong
- I was joking about buying Manchester United Football Club — Elon Musk
There was a 1,885 per cent increase in ransomware attacks across the world last year, and the health care industry faced a 755 per cent increase in those attacks, according to the 2022 Cyber Threat Report released by SonicWall, an internet cybersecurity company.
A malware attack is a common cyberattack where malware (normally malicious software) executes unauthorised actions on the victim’s system. The malicious software, a.k.a. virus, encompasses many specific types of attacks such as ransomware, spyware, command and control, among others.
Cybersecurity experts say cyber attackers create, use and sell malware for many different reasons, but it is most frequently used to steal personal, financial or business information. While their motivations vary, cyber attackers nearly always focus their Tactics, Techniques and Procedures (TTPs) on gaining access to privileged credentials and accounts to carry out their mission.
An expert, Kabiru Muyili, said the increase in ransomware attacks was linked to the rise in remote work and company employees working outside their office networks. Just like in physical abduction of people, individual companies that pay ransomware to cybercriminals could also be perpetuating that behaviour, according to Muyili, a Lagos-based ICT expert.
Dmitriy Ayrapetov, VP of Platform Architecture at SonicWall, said, “Ransomware operators are profit-driven.” Ayrapetov added that, “As long as there is a profit they will continue to bring in new players, actors, etc. And of course, on the other side, a lack of security or a lack of preparation allows for this to continue.”
Just this year, the Nigerian Communications Commission (NCC)’s Computer Security Incident Response Team (NCC-CSIRT) issued dozens of malware advisory notes, warning Nigerians to beware of the dangerous computer virus.
Yesterday, the NCC flagged off a new malware, HiddenAds, which has infiltrated Google Play Store that can impact device performance and jeopardise users’ privacy.
In its latest advisory on Tuesday, NCC-CSIRT classified the virus, first identified by the McAfee Mobile Research Team, as high in probability and damage potential.
It said the malware infiltrated the Google Play Store in the form of several device cleaners or optimisation apps.
According to the summary provided by NCC-CSIRT “Upon installation, it can runmalicious services without the user opening the app. It also spams the user with irrelevant advertisements. The apps have received downloads ranging from 100,000 to over a million.
“Some of the apps HiddenAds masquerades as are: Junk Cleaner, EasyCleaner, Power Doctor, Carpet Clean, Super Clean, Meteor Clean, Strong Clean, Windy Clean, Fingertip Cleaner, Keep Clean, Full Clean – Clean Cache, Quick Cleaner, and Cool Clean.
“When a user installs any of the aforementioned apps, whether the user has opened the app or not, a malicious service is immediately installed on the device. The app will then attempt to blend into the app tray by changing its icon to the Google Play icon that every Android user is familiar with. Its name will also change to Google Play or Setting. The device will then be bombarded with ads in a variety of deceptive ways, severely impairing the user experience,” the advisory stated.
Anyone that installs the compromised app will experience their device performance suffering significantly, clicking on the ads may result in stealth downloads/installation of other malware, users may inadvertently subscribe to services and be billed on a monthly basis, and the privacy of users will be jeopardised.
NCC-CSIRT advised users to avoid downloading questionable apps or apps they were unsure about while those who had installed any of the identified malicious apps should immediately delete them.
It further disclosed that where the malicious app’s icon and name had changed, it could be identified by the fact that it was removable while the legitimate Google Play app could not be uninstalled.
The advisory recommended the installation of anti-virus/anti-malware software with a proven track record for detecting and removing malware.
The Computer Security Incident Response Team (CSIRT) is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large. The CSIRT also work collaboratively with the Nigeria Computer Emergency Response Team (ngCERT), established by the federal government to reduce the volume of future computer risks incidents by preparing, protecting and securing the Nigerian cyberspace to forestall attacks, problems or related events.
How to prevent malware attacks
To strengthen malware protection and detection without negatively impacting business productivity, individuals and organisations should take the following steps:
Use anti-virus tools to protect against common and known malware.
Utilise endpoint detection and response technology to continuously monitor and respond to malware attacks and other cyber threats on end-user machines.
Follow application and Operating System (OS) patching best practices.
Implement the principle of least privilege and just-in-time access to elevate account privileges for specific authorized tasks to keep users productive without providing unnecessary privileges.
Remove local administrator rights from standard user accounts to reduce the attack surface.
Apply application greylisting on user endpoints to prevent unknown applications, such as new ransomware instances, from accessing the Internet and gaining the read, write and modify permissions needed to encrypt files.
Apply application whitelisting on servers to maximise the security of these assets.
Frequently and automatically backup data from endpoints and servers to allow for effective disaster recovery.