TheNewsGuru

Tag: Cybercrime

  • New ransomware attacking organisational networks discovered

    New ransomware attacking organisational networks discovered

    A new ransomware that targets organisational networks has been discovered by the Nigerian Computer Emergency Response Team’s (ngCERT).

    The Nigerian Communications Commission (NCC) made this known in a statement released by its Director, Public Affairs, Dr. Ikechukwu Adinde.

    According to the statement, a cybercrime group perfected the new year scheme to deliver ransomware to targeted organizational networks.

    The new ransomware uncovered by security experts has been categorised, by ngCERT advisory released over the weekend as high-risk and critical.

    According to the ngCERT advisory, the criminal group is said to have been mailing out USB thumb drives to many organisations in the hope that recipients will plug them into their PCs and install the ransomware on their networks.

    While businesses are being targeted, criminals could soon begin sending infected USB drives to individuals.

    Describing how the cybercrime group runs the ransomware, the ngCERT advisory says the USB drives contain so-called ‘BadUSB’ attacks.

    The BadUSB exploits the USB standards versatility and allows an attacker to reprogram a USB drive to emulate a keyboard to create keystrokes and commands on a computer.

    It then installs malware prior to the operating system booting, or spoofs a network card to redirect traffic.

    Numerous attack tools are also installed in the process that allows for exploitation of personal computers (PCs), lateral movement across a network, and installation of additional malware.

    The tools were used to deploy multiple ransomware strains, including BlackBatter and REvil.

    According to ngCERT, the attack has been seen in the US where the USB drives were sent in the mail through the Postal Service and Parcel Service.

    One type contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning.

    Other malicious USBs were sent in the post with a gift card claiming to be from Amazon.

    However, ngCERT has offered recommendations that will enable corporate and individual networks to mitigate the impact of this new cyber attack and be protected from the ransomware.

    These recommendations include a call on individuals and organisations not to insert USB drives from unknown sources, even if they’re addressed to you or your organization.

    In addition, if the USB drive comes from a company or a person one is not familiar with and trusts, it is recommended that one contacts the source to confirm they actually sent the USB drive.

    Finally, ngCERT has advised Information and Communication Technology as well as other Internet users to report any incident of system compromises to ngCERT via incident@cert.gov.ng, for technical assistance.

  • Cybercrime: NITDA urges police to protect legitimate IT business pros

    Cybercrime: NITDA urges police to protect legitimate IT business pros

    The National Information Technology Development Agency (NITDA) has appealed to the Nigeria Police Force (NPF) to protect legitimate IT business professionals in Nigeria.

    TheNewsGuru.com (TNG) reports the NITDA especially urged the NPF to allow young Nigerians with genuine IT businesses operate freely.

    The Director-General of NITDA, Mr Kashifu Inuwa, made the call on Wednesday when he paid a working visit with the management team of the agency to the Inspector General of Police, Usman Alkali, in Abuja.

    Inuwa said that there were innovations being initiated by Startups across the country which was impacting positively on the digital economy agenda of the country.

    “The critical role of Start-ups in our journey towards a Digital Nigeria cannot be overemphasised.

    “However, some tech Start-ups have reported being harassed by some Law Enforcement Agencies, with some having their IT systems confiscated.

    “This has negatively impacted on their business operations as well as the economy.

    “NITDA maintains a database of genuine Start-ups with verifiable business ventures and duly registered with the agency and access to such a database can be granted to the Force when need arises,” he said.

    Inuwa also said that in spite of genuine individuals running their IT businesses, there were cyber criminals that engage in cyber attacks, while there are private and public organisations that violate data in their possessions.

    He recalled that NITDA in January 2019 established the Nigerian Data Protection Regulation (NDPR) to ensure that citizens’ data were protected.

    He added that they would collaborate with the NPF to ensure that public and private organisations complied with the provisions of NDPR.

    Inuwa said the enforcement would ensure that citizens’ personal information was protected, tackle the menace of cybercrimes and encourage safer use of Internet among individuals, public, and private organisations in the country.

    “Cybersecurity has become very essential in today’s world where the society is more reliant on digital technology than ever before; and the sophistication and relentless attacks of cybercriminals are incomparable.

    “There is apparently no sign that this trend will slow down anytime soon and there is need for the collaboration between NITDA and the Force to tackle the menace through ensuring that organisations protect the personal information of all citizens at their disposal,” he said.

    He decried that individuals, private organisations, government establishments, the Military and paramilitary have all been targets of online attacks due to high rate of data leakage on the internet.

    “Reports from our cybersecurity monitoring platforms have indicated that activities of cybercriminals have increased exponentially; data leakage that can lead to identity theft are now being posted on social media and even auctioned for sale on the dark web.

    “It is important to note that this is a global phenomenon, nations around the world are reporting increased numbers of cyber espionage, Business Email Compromise Scams, Identity theft, among numerous other cybercrimes,” Inuwa said.

    The director-general added that the agency was strengthening its Computer Emergency Readiness and Response Team (CERRT) to provide support for Ministries, Departments and Agencies in addressing Cybersecurity incidents.

    He further stated that the agency publishes Information Assurance Guidelines for MDAs towards ensuring that they implemented the minimum controls required to safeguard their information assets.

    Inuwa also said that the enactment of the NDPR further ensured that personal data of data subjects were protected, adding that mechanisms are in place to ensure that violations to the regulation were investigated and sanctions applied where necessary.

    He recalled that the Federal Government had in April 2006 issued a circular directing all MDAs planning to embark on IT projects to obtain clearance from NITDA and subsequently re-enforced by another circular issued in August 2018.

    Responding, Alkali appreciated NITDA and assured it of the Force’s support towards realising the agency’s mandates.

    He reiterated the need for synergy and collaboration with NITDA, stating that no organisation can effectively operate without leveraging digital technologies and NITDA being the IT regulator in the country, was central to the activities of the Force.

  • Cybercrimes: EFCC sends strong warning to hotels owners

    Cybercrimes: EFCC sends strong warning to hotels owners

    The Economic and Financial Crimes Commission (EFCC) has sent a strong warning to owners and operators of hotels.

    TheNewsGuru.com (TNG) reports the EFCC warned hoteliers from allowing their premises and facilities to become havens for cybercriminals.

    The warning comes on the heels of a sting operation operatives of the EFCC carried out at Parkitonian Hotel in the Lekki area of Lagos State.

    The EFCC in a statement stated that hoteliers allowing their premises to be used for cybercrimes is in contravention of Section 3 of the Advance Fee Fraud and Other Fraud Related Offences Act.

    TNG reports in the early hours of Tuesday July 13, 2021 a team of operatives from the Lagos Zonal Office of the Commission, acting on verified intelligence on the activities of a suspected syndicate of internet fraudsters carried out an operation at Parkitonian Hotel.

    During the sting operation which was the culmination of weeks of surveillance during which the rooms occupied by the suspects were identified, 30 suspects were arrested with 24 of them already confessing involvement in cybercrimes and related activities, the EFCC stated.

    According to the Commission, there was no incident as the hotel management served with the relevant Warrant offered access to the operatives, to carry out their lawful duties.

    “However, in the course of the operation, the Operatives encountered women in some of the rooms who pleaded nudity to stop them from arresting their targets. This has lately become the antics of cyber fraudsters who procure ladies to plead nudity as a decoy, to allow their consort destroy incriminating items in their devices before arrest.

    “The Commission will not fall for such gimmick which is intended to prevent it from carrying out its lawful duties.

    “It must however be stated for emphasis, that there was no break in, no molestation and no violence of any kind during the operation.

    “Yet a section of the media, especially the online publication, People Gazette and the Punch Newspaper, which lapped up People Gazette’s report hook line and sinker, presented a narrative of gestapo operation, with forceful break in and the violation of the privacy of nude guests.

    “Interestingly, a common thread to the report is attribution to faceless sources. It is curious that citizens whose right to privacy had been so blatantly violated as claimed, would be hesitant to publicly speak about their ordeal.

    “Even more worrisome is the fact that a responsible publication like the Punch Newspaper did not bother to carry out a fact-check on the allegations of break in and violence but simply regurgitated the false narrative of People Gazette.

    “Also, from the two reports, both the hotel owner and his manager were quoted as refusing to speak on the operation. But the claim is obviously a game of ostrich as their involvement in pushing out the false narrative is discernable.

    “The hotel owner perhaps is ignorant of the fact that he could become an accomplice and liable for allowing his premises to be used for cybercrime, in contravention of section 3 of the Advance Fee Fraud and Other Fraud Related Offences Act.

    “The section provides that, a “person who, being the occupier or is concerned in the management of any premises, causes or knowingly permits the premises to be used for any purpose which constitutes an offence under this Act is guilty of an offence and liable on conviction to imprisonment for a term of not less than 5 years without the option of a fine”.

    “The Commission warns hoteliers from allowing their premises and facilities to become havens for cybercrime.

    “Adherence to the rule of law remains a core principle moderating the activities of the EFCC and the Executive Chairman, Abdulrasheed Bawa has repeatedly said the agency under his watch will not deviate from the norm,” the EFCC statement reads.

  • People to lose $10.5 trillion to cybercriminals by 2025

    People to lose $10.5 trillion to cybercriminals by 2025

    People will lose a whopping total sum of $10.5 trillion to cybercriminals by the year 2025, the International Criminal Police Organization, commonly known as INTERPOL has said.

    TheNewsGuru.com (TNG) reports INTERPOL made this known as it announced a new cybercrime operations desk known as African Joint Operation against Cybercrime (AFJOC).

    According to the law enforcement agency, the AFJOC will help to boost the capacity of 49 African countries to fight cybercrime and shape a regional strategy to drive intelligence-led coordinated actions against cybercriminals and support joint operations.

    TNG reports a 2017 assessment coordinated by INTERPOL with partners and member countries in Africa found that each act of Internet fraud targeting businesses enabled cybercriminals to steal an average of USD 2.7 million from companies and USD 422,000 from individuals.

    “With more than 4.5 billion people online, more than half of humanity is at risk of falling victim to cybercrime at any time, requiring a unified and strong response,” said Jurgen Stock, INTERPOL Secretary General.

    The creation of INTERPOL’s new cybercrime desk comes at a time when cybercriminals are attacking the computer networks and systems of individuals, businesses and global organizations when cyber defences might be more vulnerable due to the shift of focus to the pandemic crisis.

    The project, supported by funding from the United Kingdom (UK), will provide opportunities to take regular pulse checks on cybercrime in Africa and to publish annual threat landscape assessments that will underpin operational activities.

    With UK funding for the two-year initiative amounting to almost GBP 3 million, the Africa cybercrime initiative will be implemented by the Cybercrime Directorate at the INTERPOL Global Complex for Innovation in Singapore.

    Speaking at the CYBERUK conference in London, UK Foreign Secretary Dominic Raab said: “We are working with like-minded partners, to make sure that the international order that governs cyber activity is fit for purpose.

    “Our aim should be to create a cyberspace that is free, open, peaceful and secure, which benefits all countries and all people.

    “We want to see international law respected in cyberspace, just like anywhere else. And we need to show how the rules apply to these changes in technology, the changes in threats, and the systemic attempts to render the internet a lawless space”.

    Meanwhile, explaining why the project is needed, an INTERPOL statement reads: “Cybercrimes affect all countries, but in Africa, weak networks and security make countries especially vulnerable, as well as a high number of malicious domains.

    “Studies conducted by INTERPOL, partners and member countries in West Africa between 2015 and 2017 for example, showed the region had a growing underground market and high levels of social engineering/financially motivated threats against vulnerable people.

    “A high level of Internet fraud targeting businesses, while only one-third of cybercrimes reported to law enforcement agencies each year resulted in arrests.

    “Subsequently, and reflecting the global trend, member countries have anecdotally reported an elevated volume in incidents. This project will take another pulse check on the region and enable us to gather research and intelligence to underpin the operation activities”.

  • Syndicate of 13 criminals busted in Abuja

    Syndicate of 13 criminals busted in Abuja

    Luck ran out on a syndicate of 13 cybercrime suspects when operatives of the Abuja Zonal Office of the Economic and Financial Crimes Commission (EFCC) raided their hideouts and apprehended them on Thursday.

    Five of the suspects were picked up at an N8m a year apartment in Gilmore Estate, Jahi, while the other eight were arrested at Katampe Extension, all in Abuja.

    According to the EFCC, the arrest followed actionable intelligence on their alleged criminal enterprise.

    “Incriminating items recovered from them include iPhones, laptops, gaming consoles, 1 Toyota Avalon and a Lexus SUV.

    “The suspects have given valuable information and will be charged to court as soon as investigations are concluded,” EFCC stated.

  • Interpol nabs 3 Nigerians involved in scamming 50,000 victims

    Interpol nabs 3 Nigerians involved in scamming 50,000 victims

    Three suspects have been arrested in Lagos State following a joint cybercrime investigation by INTERPOL, Group-IB and the Nigeria Police Force (NPF).

    The Nigerian nationals are believed to be members of a wider organized crime group responsible for distributing malware, carrying out phishing campaigns and extensive Business Email Compromise scams.

    The suspects are alleged to have developed phishing links, domains, and mass mailing campaigns in which they impersonated representatives of organizations.

    They then used these campaigns to disseminate 26 malware programmes, spyware and remote access tools, including AgentTesla, Loki, Azorult, Spartan and the nanocore and Remcos Remote Access Trojans.

    These programmes were used to infiltrate and monitor the systems of victim organizations and individuals, before launching scams and syphoning funds.

    According to Group-IB, the prolific gang is believed to have compromised government and private sector companies in more than 150 countries since 2017.

    Group-IB was also able to establish that the gang is divided into subgroups with a number of individuals still at large.

    While investigations are still ongoing, some 50,000 targeted victims have been identified so far.

    The year-long investigation, dubbed ‘Operation Falcon, saw INTERPOL’s Cybercrime and Financial Crime units work closely with Group-IB to identify and locate threats, and ultimately, assist the Nigerian Police Force, via the INTERPOL National Central Bureau in Abuja, in taking swift action.

    Group-IB’s participation in the operation came under Project Gateway, a framework which enables INTERPOL to cooperate with private partners and receive threat data directly.

    Craig Jones, INTERPOL’s Cybercrime Director highlighted the outstanding cooperation between all those involved in the investigation and underlined the importance of public-private relationships in disrupting virtual crimes.

    “This group was running a well-established criminal business model. From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits. We look forward to seeing additional results from this operation,” he said.

    In a separate statement on Wednesday, Group-IB described the three arrested persons as follows: “«OC» (32 y.o.), «IO» (34 y.o.), and «OI» (35 y.o.)”, adding that they were “identified with the help of Group-IB Cyber Investigations and CERT-GIB teams”.

    “The data discovered on the devices of the arrested TMT members has confirmed their involvement in the criminal scheme and identified stolen data from at least 50,000 targeted victims, according to Nigerian Police.

    “Group-IB has been tracking the gang since 2019 and established that around 500,000 government and private sector companies could have been compromised by TMT gang members.

    “Based on the infrastructure that the attackers use and their techniques, Group-IB was also able to establish that the gang is divided into subgroups with a number of individuals still at large.

    “The findings on other suspected gang members, whom Group-IB was able to track down, have been shared with INTERPOL’s Cybercrime Directorate. The investigation continues.

    “The analysis of their operations revealed that the gang focuses on mass email phishing campaigns distributing popular malware strains under the guise of purchasing orders, product inquiries, and even COVID-19 aid impersonating legitimate companies,” the statement by Group-IB reads.

  • Non-delivery scams: 5 reasons they work and how to avoid becoming a victim

    Non-delivery scams: 5 reasons they work and how to avoid becoming a victim

    In non-delivery fraud, criminals promise highly sought-after goods, collect payment, then, never deliver. While the principle is simple, the fraud scheme is often sophisticated and can yield huge profits.

    Criminals can adapt a well-established modus operandi to suit any product, from masks during a pandemic to electronics or even everyday items such as paper.

    In July 2020, following increased reports of large-scale non-delivery fraud, INTERPOL issued a Purple Notice to warn its 194 member countries of the modus operandi used by criminals.

    Although the Notice itself is for law enforcement use only, here are the five things the INTERPOL provided you need to know about non-delivery fraud, and why it is so easy to fall prey.

    1. It’s organized crime.

    Contrary to popular belief, these types of scams are not just carried out by lone “wheeler-dealers”. Organized crime groups have gone to great lengths to set up a sophisticated modus operandi involving websites, salespeople, intermediaries and of course, bank accounts. Scams often involve more than one country in order to make victims feel helpless and complicate investigations.

    2. Advertising draws victims in

    Glossy advertisements imitate those of trustworthy businesses, attracting victims with high-quality images, brand names and genuine reference numbers. Criminals approach potential buyers online or in person by infiltrating professional purchasing circles.

    Fake websites and social media accounts almost identical to those of known businesses offer several ways to make contact with the alleged seller. Online contact forms, phone numbers and email addresses all give the impression of a legitimate customer service centre.

    3. Everything seems official

    Once contact is made, the sales exercise can begin. Prices for large orders are negotiated and validated by “superiors”. Scammers provide contracts, proforma invoices and paperwork on official letterhead.

    Fraudsters then ask for an advance payment to secure the merchandise. The payments, which can go from 40% to 100% of the full order depending on the total amount, are made directly into accounts which have been opened under registered (fake) companies.

    Finally, victims are given links or tracking numbers so that they can follow the shipment from the supplier to destination.

    4. Salespeople create relationships

    Alleged sellers work hard to create trust with the buyer. Whether it is flattery (“you’re my best client”), social engineering (“you’re so lucky, this product is impossible to find right now”) or lies (“we got special permission for this shipment”), the scammer will maintain contact throughout the delivery process.

    The scammer will also invent as many reasons as possible to obtain extra payments along the way, such as customs fees, express delivery, insurance, etc. Contact is maintained until the victim starts to hesitate, becomes irate or accuses the salesperson of fraud.

    5. They disappear

    Once scammers feel they have been uncovered, they end all contact. Phones are cut off, emails go unanswered and websites are shut down. Victims are left in shock and ashamed, often reluctant to report the fraud to superiors and police.

    Criminals, on the other hand, move on quickly and start a new fraud with a new product. If one domain is suspended or taken down, other domains are still available to attract new victims. The cycle starts again.

    How to protect yourself from non-delivery fraud

    Follow these steps to protect yourself from experienced fraudsters:

    • Be aware of bogus websites – criminals will often use a web address which looks almost identical to the legitimate one, e.g. ‘abc.org’ instead of ‘abc.com’;
    • Verify the company/individual offering the items before making any purchases;
    • Check online reviews and consumer protection groups – for example, have other customers complained about not receiving the promised items?;
    • Be wary if asked to make a payment to a bank account located in a different country, as it is more difficult to liaise with entities abroad once fraud is detected;
    • Keep your radar on high alert, especially if you are asked to pay unplanned fees;

    Most importantly, if you believe you have been the victim of fraud, alert your bank and police immediately so the payment can be stopped and/or recalled.

  • ‘Nobody is perfectly protected from cyberattack during COVID-19’

    By Dayo Benson Editor Politics, Law & Human Rights New York

    Cybercrime has spiked since Coronavirus scourge swept through cities. Social distancing has not deterred scammers. At times like these, unsuspecting people fall easy prey.
    Threats of cybercrime are however preventable. These challenges are the focus of a virtual media briefing at the behest of New York Foreign Press Center, NYFPC. The video conference, provided an insight into current cyber landscape in the United States. Recent threats, including breaches and motivations of cyber adversaries are examined. Mr. Edward Stroz, Co-President of Aon Cyber Solutions, speaks to these issues.
    Mr. Stroz is the founder and co-president of Stroz Friedberg, an Aon company. The firm is a global leader in investigations, intelligence, and risk management. He oversees the firm’s growth and clients developments while ensuring the maintenance of its distinctive culture. Before starting the company, Stroz was a special agent with the FBI. There, he formed FBI computer crimes squad in New York.
    In this briefing , he also discusses how COVID-19 can attract bad actors. He equally put his finger on what healthcare industry is doing to deter hackers.
    His views expressed in this briefing are personal. They do not represent those of the United States Government.

    “So greetings, everyone, and good day if it’s afternoon where you are. It happens to be late morning where I am. And I think it’s too important not to start off by saying that I hope everyone and their families are well during these extraordinary days, which are worldwide.”, he says after responding to the moderator’s “nice introduction”. He continues,
    “This session that I will focus on has to do with cyber risk in that I think there are almost parallel lessons between what we are seeing in the relationship to the COVID-19 problem and even some of the concepts related to how cybersecurity has to be managed by companies.”

    He speaks on the current risk: “So I have three main areas that I’d like to start with. I’ll be brief in some opening comments. One is some trends that we are seeing in the communities that we service and with our clients; secondly, some of the specific attacks that we are encountering in the current environment; and then thirdly, some points about implications for security to improve and the kinds of things that companies and individuals can do to try deal with this enhanced risk.

    “So specifically, what we are seeing in the way of trends – first of all, if you are wondering, are cyber attacks slowing down in this environment with COVID-19, they are not. In fact, they are increasing. And I was recently on a webinar hosted by one of our law firm clients that had said in their experience, they are seeing a five-fold – that would be five times – increase in the types of cyber crime that their clients are experiencing. Specifically, what you see quite a bit today are attacks on computer resource availability, specifically ransomware attacks, and these are – I think most of you are familiar with that term, but a ransomware attack is an attack with malware that will encrypt a computer that is infected with malware – that is, ransomware – and the only way to decrypt it so it can function again is to pay some type of a ransom to the adversary that installed the ransomware. And they usually want to be paid in the form of a cryptocurrency, usually bitcoin.

    “Another trend that we’re seeing is that the vulnerabilities of our clients are also increasing, mostly because their staff cannot come into the office. So, in order for companies to function in this environment, if you’re in an area where people are not supposed to go to work or your company does not want people to come to the office, then the staff are at home using whatever resources they have at home to function. So if you were using your home Wi-Fi network, if that home Wi-Fi network is not as secure as it should be, you have new vulnerabilities. If somebody is using their personal computer, or their iPhone, or the devices and things, just to be functional, they may not be able to enjoy the security features that the employer and the company put in place when they were working from the office.

    “And also, if you were working from home and if you were targeted by an adversary, the adversaries can usually learn quite a bit about your home, where you live, what kinds of things you’re doing, what features make up your lifestyle at home, and as we’ll see when we talk a little bit more, they may target you more effectively because of that. This is all about, I would say, new ways to trick people, because many of the cyber attacks today begin with a root cause of tricking somebody to either click on an attachment, or to click on a link, or in some way be fooled to do something because the person who is receiving the communication does not realize it is coming from an adversary.”

    From general trend, he speaks to specific issues. These include cyber attack on health care organizations, false information on COVID-19, supply chain disruption as it affects PPE (Personal Protective Equipments), economic stimulus check tricks and attack on targeted organizations. “So those are some of the big sort of trends that we’re seeing. If we switch into the specific types, be a little bit more specific, what we’re seeing is that there’s a targeting of health care organizations. Now, this is especially impactful. It’s especially sad. But if you are in the business of providing health care services, whether you are in the private sector or even in government, adversaries are using this as an opportunity to try to exploit the dependency that people have on this. We’ll talk about some specific examples, but it’s been in the press that in the United States Health and Human Services, a federal agency, has been attacked in this way, as has the World Health Organization, the WHO. Again, malware and ransomware have been targeted to varying degrees of success to these organizations, and this has really ramped up in the context of people’s dependency and expectation to be going to these – to the websites of these organizations.

    Stroz delves into more details “A second specific type of attack would be a financially motivated threat, where what we’re seeing on the dark web – this is the part of the internet that you can’t access through your normal browser – but on the dark web, where malware is developed and offered for sale, that malware with a price tag of anywhere between about $400 to $1,000 U.S. is being offered. “Much of the dialogue that we have seen on the dark web about this is in – not just in the English language but also in non-English languages such as Russian and Chinese. And they are offering malware such as specific, custom-made ransomware today that is designed to exploit people’s concerns about the COVID-19 infections. So the – when you receive an email that is coming from an adversary, it will often be crafted to look like it is helpful information or advice about COVID-19 and people will click on that, and by that simple action of clicking, they can be infected with malware. Most of that malware is aimed at Windows systems, but there is also some evidence that the exploits are making use of Java-scripting.

    “Other areas specifically would have to do with the supply chain, disruptions of what has been called PPE, personal protective equipment. “So this is the kind of equipment that people, especially health professionals, wear when they are in hospitals and servicing patients so that they themselves don’t get infected: face shields, wraps for your body, gloves, face masks, things of that nature. And you will see because there is a demand for this that adversaries are offering through fraudulent emails and other websites, an opportunity, they say, to purchase or find these kinds of PPE for sale. And when you actually click on it or follow the link, you wind up receiving the malware that was hidden inside.

    “We also will see – and I think we’ll see this more in the future – fraudulent lures for economic stimulus checks, because there are many people out there who are aware from reading the news and listening to the news that there are economic stimulus checks to help with this time, and adversaries are crafting their attacks so that they purport to be associated with a way to get information about these programs, when in actuality they are adversaries looking to install malware on your computer.

    “And lastly, I would say we also see examples of some of the extremist groups trying to take advantage of the current situation in the world to sort of encourage their followers to use this time of disruption to try to go after and attack the organizations that they hate and to encourage their people to use this current situation to be able to be more effective in their adversarial actions.

    Stroz however explains recommendations often made to clients which may make them less vulnerable: “With that, I just want to quickly talk about some of the actions that can be taken, and then I’ll be happy to after that open it up for questions.

    “So what do you do in a situation like this? You’re aware of the attacks that can be launched, that they are being updated for taking advantage of the current concerns that people have. Well, for one thing, you can plan for the possibility that you will experience this. So most of our clients are companies, but we also have individuals who are clients, and we always tell them: Plan for an incident. A good plan that you can think of is better than the perfect plan that you never get around for.

    “If you experience an attack this way and you are victimized say, for example, by ransomware, how would you recover? And there is no single, simple answer to this because it depends very much on the technologies you use, the resources you have, and the things you have put in place in advance and how you use them. But you can be guided through this, just as you can with any other type of an attack.

    “We also recommend that now is a good time for companies to institute awareness training for their employees, to know what to look for and know what to do if you experience it. So when I talked about the kinds of emails that can carry malware and ransomware, we can help companies by telling them that they are more likely to experience something like this today; it is even more likely that a risky email will come in, in some way tricking you around the COVID-19 infections, and that you should be that much more skeptical about clicking on something rather than trusting it.

    “We also tell companies and people to evaluate your critical suppliers. If your suppliers that you depend on are sophisticated in their cybersecurity, that will be better for you, because you depend on that supplier. On the other hand, if you don’t know about the cybersecurity, the degree of sort of sophistication they have and what they’ve done, their vulnerability – because they are a supplier to you – will introduce a vulnerability back to your organization.

    “We also believe it’s important to monitor for threats. You heard me talk before about how we monitor the dark web for our clients. Clients who can monitor or have those services should be emphasizing the importance of doing that frequently and specifically at this time know that you may be more likely to be targeted and that you may see indications of being targeted on the dark web during these days, more so than even before COVID-19.

    “And then lastly, I’d just say it’s a good time to use the fact that people are working from home, may have a little bit more time, and can take the effort to identify their security vulnerabilities and patch them. Every company has vulnerabilities. There’s nobody who is perfectly protected. But this can be an opportunity more important to look at those vulnerabilities and to be able to prioritize addressing them. Because if they get exploited, the fact that people are all working from home may hinder and make it more difficult for you to recover.”

  • Pantami says cybercrime travels at speed of light, advocates awareness

    The Minister of Communications and Digital Economy, Dr Isa Pantami, has said that cybercrime travels at the speed of light while cyber security travels at the speed of law.

    He stated this at the maiden Cyber Security Conference organised by the Nigerian Communications Commission (NCC), on Thursday in Abuja noting that awareness was key to secure cyberspace.
    The conference was tagged: “Strengthening the Security and Resilience of the Nation’s Communications Infrastructure’’

    The minister further explained that the bill to check the threat was not something that could be enacted within a day or two, adding that cybercrime did not respect the law.

    “We should ensure that we secure our cyberspace through creating awareness; awareness is key, let people understand that when you go online you are exposed.
    “You need to take some precautions to ensure that you minimise the risks of exposing yourself to it.
    “If we create that awareness, it will go a long way in reducing the cybercrime we have in Nigeria.

    “Many people do not know the implication of receiving emails without knowing the source and just go and open the attachment.
    “This is one of the ways that our systems are being compromised and secondly through using pirated supplies.

    “We usually look at the cheapest one. If we go for the cheaper one, the probability of compromising our system is high.
    “We need to be updating our applications whether on our Smart phones or anywhere,” Pantami said.

    Earlier, the Executive Vice Chairman (EVC) NCC, Prof. Umar Danbatta, said that the internet provided a vast array of prospects to individuals irrespective of their status.

    Danbatta said that with the growing volume of adoption of technologies and broad nature of the internet, came the sophistication of cyber-attacks.
    He noted that such allowed cyber criminals to attack people outside their geographical locations.

    “From social networking to businesses, to research and development, and so much more, all can be exploited by cyber criminals to carryout crimes over the medium.

    He said that both technical measures and appropriate legal instruments must be put in place to enhance the resilience and integrity of ICT infrastructure and also to safeguard cyberspace users.

    The EVC informed the gathering that an e-fraud desk would be created in his organization to serve as a platform for reporting cases to the security agencies for further investigations and prosecution.

    According to Danbatta, the NCC is committed to making sure that the Internet has less cyber criminals, through educating members of the public on the negative impacts of cybercrime.
    He stressed the need to limit the impacts by putting in place some initiatives, such as:

    “To collaborate with relevant stakeholders to embark on a nationwide Cyber security awareness campaign starting with the FCT and extending to all 36 states of the federation, targeting at young school children.

    “To enlighten them on Internet etiquettes, Cybercrime and its Penalties in line with the Nigerian Cybercrime Act 2015, and protection against Cybercriminals.

    “Establishmet of a Cyber Security Incidence Response Team (CSIRT) Centre to help serve as the single national point of contact for international coordination of Cyber security incidents in Nigeria.

    “To create Technical Framework for the Use of Social Media Network in Nigeria.
    Danbatta said the objective “is to provide the baseline for Social Media governance, policy, and procedures to guide individuals, businesses or the government on the use of social media.”

    The conference was to introduce cyber insurance, bridging the cyber workforce gap and strengthening national cooperation.
    It was also for exchange of information and development of comprehensive strategies to curb cybercrimes.

    The programme, which will be annual, will address the cyber security challenges confronting the communications industry in Nigeria.

  • Cybercrime: Entertainers lend voices as Naira Marley’s trial resumes

    As the Economic and Financial Crimes Commission (EFCC) is set to resume trial of Nigerian popstar, Naira Marley over fraud, frontline comedians have lent their voices voices against cybercrimes in the society.

    TheNewsGuru (TNG) reports this took place when the frontline comedians visited the EFCC headquarters in Abuja on Tuesday in support of the anti-graft agency’s enlightenment and preventive campaigns against the scourge.

    The comedians, Mc Tagwaye, Ambassador Wahala and Chuks D General in an interactive session noted that some players in the entertainment industry are misleading the youth into cybercrimes through display of ostentatious lifestyles and unedifying content they make available to the public.

    “We are pastors over unknown audiences, who are religiously looking up to us as entertainers. There is a need to be cautious of our contents and lifestyles so as not to mislead the general public into cybercrime,” Chuks D General said.

    Ambassador Wahala observed that, “Role models in the entertainment industry are not telling their audience the true story behind their success. A lot of their followers are not seeing the work involved; they are misled by what they see and a lot of them are anxious to make it like these celebrities, they end up toeing the path of cybercrime as a quick access to making it to the top”.

    He noted that comedians can aid the fight against cybercrime and corruption by developing contents that will speak to the conscience of the youth on the dangers of life on the fast lane.

    “Entertainers can join hands with the Commission by taking the message down to the youths,” he said. While urging Nigerian youth to cooperate with the Commission by staying away from cybercrimes and embrace decent sources of livelihood, they commended the Acting Chairman of the EFCC, Ibrahim Magu for his determination and passion to completely rid the country of corruption and for the successes so far recorded in the fight by the Commission.

    Recall that singer Naira Marley was on the 14th of June released exactly 14 days after he was granted bail by the Ikoyi High court. The trial however resumes in a month time as Naira Marley needs to give answer to all charges leveled against him by the EFCC.

    EFCC leveled an 11-count charge against Naira Marley. The alleged crimes were in contravention of the Money Laundering (Prohibition) Act and the Cyber Crimes Act, which he risks seven years in jail if found guilty. The charges with suit number FHC/L/178C/19 were filed before a Lagos State High Court. 10 days after his arrest, Naira Marley was arraigned before Justice Nicholas Oweibo of the Federal High Court, Ikoyi, Lagos.