The Nation Newspaper

Tag: cybercrooks

  • Cybercrooks breach cloud server honeypot

    A global leader in network and endpoint security, Sophos, yesterday said cybercriminals have attacked one of the cloud server honeypots within 52 seconds of its going live.

    On average, the cloud servers were hit by 13 attempted attacks per minute, per honeypot.

    The honeypots were set up in 10 of the most popular Amazon Web Services (AWS) data centers in the world, including California, Frankfurt, Ireland, London, Mumbai, Ohio, Paris, Sao Paulo, Singapore, and Sydney over a 30-day period. The attack of yesterday was launched in Sao Paulo, Brazil.

    A honeypot is a system intended to mimic likely targets of cyberattackers, so that security researchers can monitor cybercriminal behaviors.

    In the study, more than five million attacks were attempted on the global network of honeypots in the 30-day period, demonstrating how cybercriminals are automatically scanning for weak open cloud buckets.

    If attackers are successful at gaining entry, organisations could be vulnerable to data breaches. Cybercrooks also use breached cloud servers as pivot points to gain access onto other servers or networks.

    Security Specialist at Sophos, Matthew Boddy, said: “The Sophos report, Exposed: Cyberattacks on Cloud Honeypots, identified the threats organisations migrating to hybrid and all-cloud platforms face. The aggressive speed and scale of attacks on the honeypots shows how relentlessly persistent cybercriminals are and indicates they are using botnets to target an organisation’s cloud platforms. In some instances, it may be a human attacker, but regardless, companies need a security strategy to protect what they are putting into the cloud.

    “The issue of visibility and security in cloud platforms is a big business challenge, and with increased migration to the cloud, we see this continuing.”

    The firm said continuous visibility of public cloud infrastructure is vital for businesses to ensure compliance and to know what to protect. However, multiple development teams within an organisation and an ever-changing, auto-scaling environment make this difficult for IT security.

  • NCC: cybercrooks use sophisticated tools

    The Nigerian Communications Commission (NCC) has warned telecoms subscribers to be extra careful as criminal elements have now turned to telecoms infrastructure to defraud their unsuspecting victims.

    Its Director, Consumer Affairs Bureau, Mrs. Felicia Onwuegbuchulam, who gave the warning, said as broadband penetration gets deeper for promotion of positive engagements and efficient economic activities, the tendency for some internet users to use such access for criminal and illegal activities will be on the rise, thereby requiring adequate consumer education.

    Meanwhile, the NCC said as part of its consumer protection activities, it received and satisfactorily resolved 92,757 service-related complaints escalated to it for resolution by aggrieved telecoms consumers in the past two years.

    Onwuegbuchulam, who spoke at the 26th edition of the Consumer Town Hall Meeting (CTM)  with Mitigating Effects of Cybercrimes: The Role of Telecom Consumers as theme, in Mokwa, Niger State, said businesses and individuals in  every country rely on Information Communication Technology (ICT) for their day-to-day activities, where internet is playing a key role in interconnectivity of devices.

    She said as the Commission embarks on various initiatives to increase access to the internet for positive engagements, hackers and cybercriminals also deploy sophisticated systems in intruding into connected devices to perpetrate their exploitation schemes.

    “It is common knowledge that the use of internet has become part of telecom consumer’s daily activities whether at home, in the workplace or any social setting.  Smartphones and other smart devices used by telecom consumers are a storehouse of data, carrying sensitive information about the telecoms consumers, his or her family, businesses, associates and daily interactions as well as financial transactions details. Admittedly, the Internet touches almost all aspects of our lives as telecom consumers,” she said

    NNC Consumer Affairs Bureau Deputy Director, Alhaji Ismail Adedigba, in a report detailing consumer protection activities of the NCC said the 92,757 service-related complaints were settled in record time.

    He said: “Between January 2017 and December 2018, the Commission received a total of 118,784 complaints from consumers, of which 92,757, representing 78 per  cent of total complaints received during the two years period were successfully resolved to the satisfaction of telecom consumers,” he said.

    He said 5,010 appreciations were received from some consumers who felt satisfied after the Commission had successfully resolved their issues for them and therefore, decided to formally write and call the Commission to express their gratitude for the Commission interventionist efforts.

    The complaints and appreciations, he said, were received through the Commission’s various channels of lodging complaints and interactive engagement platforms. These include the NCC toll-free Line – 622, which is the Commission’s Contact Centre, the NCC Consumer Portal, consumer complaint redress email, written complaints, social media as well as those received at the Commission’s various outreach programmes which include Consumer Town Hall Meeting (CTM), Consumer Outreach Programme (COP) and Telecom Consumer Parliament (TCP).

    Through the three consumer outreach programmes usually held by the Commission across various states on a rotational basis, Adedigba said more than 31,202 consumers have been engaged face-to-face and adequately educated on their rights and privileges with respect to provision of telecoms services within the last two years.

    He said during such fora, consumer fact sheets developed by the Commission on various service-related topical issues are also distributed to educate consumers on various issues in the industry.

    “The Commission places a lot of importance on consumer-related issues. For this reason, the Commission has embarked on various initiatives, aimed at enlightening and protecting the consumers to ensure they get quality services, that they are treated right by the service providers and that they get value for money spent on telecom services, be it voice or data.

    “Also, we ensure that we embark on initiatives aimed at providing wider service options as well as putting more control in the hands of the consumers to determine what they receive, especially in terms of value-added services (VAS) in line with our ‘PIE’ Mandate of Protecting, Informing and Educating the consumers. We understand the industry is big and we are doing our best to ensure consumer get quality service delivery,” he said.

  • ‘Cybercrooks attempt to steal $3.9m from maritime sector’

    cybercrooks attempted to steal  $3.9 million in the maritime sector between last June and January.

    During the period under review, the maritime sector became a target of a cyber gang code-named ‘Gold Galleon’, targeting the industry via Business Email Compromise (BEC) and Business Email Spoofing (BES) fraud.

    Speaking yesterday in Abuja, the President, Cyber Security Experts Association of Nigeria (CSEAN), Remi Afon, lamented that about 85 per cent of corporate organisations in the country lack cybersecurity plans and strategy, thus vulnerable to cyber attacks.

    However, he stated that some of the cyber threats were being evaded through increased cybersecurity campaign while others were under-reported.

    He said: “Recently, Secureworks Counter Threat Unit researchers released a report on a group of Nigerian cybercriminals code named “Gold Galleon” targeting maritime industry via BEC and BES fraud to dupe their unsuspecting victims into parting with millions of dollars. It is estimated that between June 2017 and January 2018, the cybercriminals attempted to steal upwards of $3.9 million, and on average, fraud attempts theft level may reach $6.7 million per year.

    “Global cybercrime damages, which were about $3 trillion in 2015, will reach about $6 trillion by the end of 2021, a 100 per cent increase in just five years according to Cybersecurity Ventures. Unfortunately, over 85 per cent of organisations and government agencies in Nigeria lack cybersecurity plan and strategy while majority are unsure whether or not they’ve been a victim of cybercrime.”

    He disclosed plan to further sensitise the public in its fourth cyber security conference, tagged ‘’Mitigating Cyber Threats in the Digital Age’’ scheduled to hold in Lagos.

    CSEAN is a non-profit organisation composed of Information Security Professionals in Nigeria and Diaspora, recognising the need for unified effort and framework across board to tackle cyber crimes. CSEAN was established as an advocacy group to galvanise the movement and development of information security in Nigeria.

    The conference provides unparalleled gathering of cyber security industry giants, government, academia, information security professionals from Nigeria and the international community.

     

     

  • ‘Cybercrooks target smartphones’

    Smartphones have become a mine of personal information, holding bank data, credit card information and addresses, making them the preferred target for cybercriminals, experts have warned.

    “Cybercriminals go where there is value, and they have understood that the smartphone has become the preferred terminal for online shopping and payment,” head of the French branch of international anti-virus firm Kaspersky Lab, Tanguy de Coatpont, said at the Mobile World Congress in Barcelona.

    According to AFP, ransomware, which seizes control of computers and demands money to unblock users’ data, has already started to target smartphones.

    Now the devices are also being sought after as a gateway to key information about its user, experts at the phone industry’s largest annual trade fair said.

    Head of the French Division, Intel Security, Fabien Rech, said cybercriminals have progressed from smartphone ransomware attacks to using Trojan Horse malware that can steal the login credentials of mobile banking users.

    Using the stolen credentials, thieves can then log in to the victim’s account remotely and transfer money out. “We see more and more attacks against banking apps,” said Rech.

    There was a 17 per cent increase in attacks targeting banking apps last year around the world, according to Slovakian cybersecurity firm ESET.

    A new crop of younger cybercriminals is more at ease with smartphones, said Russian online security specialist Eugene Kaspersky, the head of Kaspersky Lab.

    “I think that old generation of cyber criminals are on personal computers, the new are those who are on mobile,” he said.

    While most cyberattacks target Android, the widespread smartphone operating system developed by US Internet giant Google, Apple’s iOS system, used on iPhones and generally considered more secure, is not immune from attack either.

    “Defrauding iOS could be easier because you only have few devices using it,” said Avishai Shoushen, the head of Israeli mobile advertising platform ClicksMob.

    Since iPhones can be connected to other Apple products, hacking into the handset can give a cybercriminal access to the data in other connected gadgets as well, said Ciaran Bradley, chief technology officer at Irish security firm Adaptive Mobile.

    “Just an email looking like its coming from Apple can give an opportunity to access personal account information from any other device,” he said.

    Some phone makers such as Australia’s Cog System are developing phones with extra security features to appeal to consumers who are concerned about hacking.

    The company unveiled in Barcelona the D4 Secure SDK, which it called “the world’s most secure smartphone”.

    Cog Systems, which has for years supplied super secure phones for governments, is targeting big companies with the device.

    Experts say most cyberattacks could be prevented by smartphone users, who are often not aware that their device could be targeted.

    “Consumers think that it is up to manufacturers to handle security issues, they tend to believe their connected devices are secure and they don’t think about it once it is open and running,” said Rech.

    De Coatpont said proper use of a smartphone was key to preventing cyberattacks.

    “Protecting your mobile phone implies not installing unofficial applications and regularly updating its operating system when asked to do so. And of course paying attention to how you manage passwords,” he said.

  • ‘Cybercrooks tap into smartphones’

    A global leader in mobile communications, BlackBerry Limited, has lamented that cybercriminals have moved their game to smartphones which contain details of users’ bank information, family pictures and other such private information which are used to harm them.

    It said it is in response to the increasing insecurity in smartphones that the firm unveiled DTEK50, the world’s most secure Android smartphone. DTEK50 is BlackBerry’s second smartphone powered by Android, following the PRIV.

    Its Chief Security Officer, David Kleidermacher, said: “With an increase in cybercrime on smartphones, people need to recognise that the private details of their lives – where they live, their bank info, pictures of their kids – are at risk on their personal device. You wouldn’t leave the doors of your house unlocked at night. Having a smartphone that doesn’t take your privacy seriously is the equivalent. It’s equally important for businesses to protect their sensitive data from cyberattacks at all points of their mobile environment – from the device to the network and servers,” Fully equipped with Android Marshmallow 6.0, DTEK50 combines BlackBerry’s unique security, privacy and productivity with the full Android experience in an all-touch design, at a price point that’s accessible for consumers and ideal for enterprise fleet deployment.

    Also speaking on the new device, its Chief Operating Officer and General Manager, Devices, Ralph Pini, said: “We take our customers’ privacy seriously. That’s why we’re proud to have all the security and privacy functionality that’s built in our newest Android smartphone. DTEK50 merges the unique security and connectivity features BlackBerry is known for with the rich Android ecosystem. DTEK50 adds to BlackBerry’s lineup of secure smartphones, providing choices to our customers with different price points on both BlackBerry 10 and Android platforms.”

    The firm said in a recent survey of Android smartphone users, BlackBerry found that 50 per cent believe their smartphone is only somewhat secure, and what’s more, despite data security fears, one in six Android users don’t know about Android security patches.

    DTEK50 was designed to address the security and privacy needs of today’s uncompromising Android users. Smartphones are increasingly being targeted for cyberattacks through tactics like malicious apps, scareware notifications and insecure Wi-Fi connections. BlackBerry’s Android smartphones, including DTEK50 and PRIV, have unique built-in hardware security.

    DTEK50 encrypts all users’ information, including business critical data and personal data such as pictures, videos and contacts. Malware protection is also built-in along with back-up, wipe and restore capabilities. Additional software provides users with visibility and control over which apps get access to personal info or device features such as the microphone or camera. BlackBerry also delivers security patches on the same day that Google publicly releases information about them, while many popular Android smartphones put the users’ private information at risk of being hacked due to slow security updates.

    It said DTEK50 is now available for pre-orders at ShopBlackBerry.com.

     

  • How cybercrooks are killing commerce

    About a decade ago, it seemed impossible to imagine that sitting in one’s bedroom, one could order for goods ranging from tomatoes to trinkets and cars, using the mobile phone. Technology has removed barriers, with the coming of the global system for mobile (GSM) communication. The absence of laws to punish those who take advantage of the cyberspace to fleece people, continues to impede the growth of e-commerce, reports LUCAS AJANAKU.

    Former Director-General, National Information Technology Development Agency (NITDA) Prof Cleopas Angaye will not bat an eyelid pressing the button to delete Nigeria’s name from its global list of countries with high crime rate.

    At a forum in Lagos, he told The Nation why the agency he once headed is at the vanguard of getting the cyber bills pending before the National Assembly passed into law.

    He said: “Nigeria is rated as one of the worst cybercimes. If you go to the internet (and click) cybercrime, you will see that Nigeria is one of the four leading cybercrime countries. It becomes of utmost concern when you count the United States and may be China and the United Kingdom and Nigeria is there. We shouldn’t be there. Nigeria is not as advanced in ICT as these other countries. We want to be advanced in other areas, but certainly not in crime. So, we are concerned. We want our cyberspace to be free.”

    There are two items to the bill: the cybercrime and cybersecurity. “There is the cybercrime and the cybersecurity issue. The cybersecurity part of the bill spells out penalties that will be meted out to the people who contravene the provisions of the bill when passed into law. Security is about how we prepare ourselves and make sure that we secure our cyberspace against crime,” Angaye said.

    Over the years, people have wondered if e-commerce, especially online retailing, will ever be practicable in the country. But in the last couple of years, cynics have been proved wrong. At the last count, not only have more than a dozen online retailing platforms registered their presence in the country, but also business has been good for them.

    The question is how to consolidate on the little success so far recorded in the trade that is carried on through the nation’s porous cyberspace.

    Though there is no reliable data to gauge the performance of online platforms in the country, the number of sites available is a sign that it is gaining traction among the elites. Some of these popular sites are http://www.sunglasses.com/, http://www.konga.com/, http://www.gloo.ng/, http://www.jumia.com.ng/, http://www.kaymu.com.ng/ http://www.mybidmonster.com.ng/, http://www.shopkolo.com/, http://www.ozyet.com/, http://www.buyright.biz/.

    Future of e-commerce

    With the launch of the National Broadband Plan by the Federal Government last year, the future of e-commerce and indeed other e-transactions in the country is bright. Broadband has been described as a game changer that will revolutionise every facet of human endaevours from telemedicine, to e-agriculture.

    To former Chief Executive Officer, sunglasses.com.ng, Jaime Moreno, the future of e-commerce is bright, considering the population of the country and the number of internet users.

    “In the UK, e-commerce accounts for around 10 per cent of the GDP (gross domestic product) implying over $200 billion. And by 2016, it is expected to contribute more than construction, healthcare or education.

    “Now, obviously, Nigeria is at infancy stage, compared to the UK in terms of e-commerce, but this shows the potential the country has and where it could be heading soon.

    “And if some people think UK is a far example, UK has 52 million internet users. Nigeria has 48 million, and most likely will overpass UK by the end of 2014,” he said.

    Moreno added that lack of education about e-commerce and lack of trust between the customers and service providers remain challenges too. “In Nigeria, there is a large amount of internet users, but most do not yet know they can actually buy products online,” he added.

    Employment

    Nigeria has a very large young population (over 50 per cent below 20 years old). The wave of e-commerce will bring many new start-ups and along with them job creation for that young population. Entrepreneurs, self-employed and freelancers will have the key to become the engine of growth and innovation for Nigeria, Moreno added.

    Role of government

    Obviously, the government has a major role to play in regulation and provision of the enabling environment. With the potential that the country has in terms of demographics and internet dynamics, the government could power the country to become Africa’s hub for e-commerce. A sector analyst said allowing intensive benefits to technology startups in the country will definitely attract foreign investment and will help Nigerian and international entrepreneurs to grow and create successful companies.

    Quality of Service

    With the dearth of fixed broadband, mobile operators have done so well in the area of providing mobile broadband. With active subscriber population now crossing the 120 million mark, the place of quality telecoms service cannot be overemphasised. Many subscribers access the internet through their mobile phones. This implies that the Nigerian Communications Commission (NCC) should step-up its regulatory role to ensure quality of service not only in voice, but also in data services.

    Delivery time

    Nigeria is a huge country with dilapidated infrastructure and unorganised transportation system. While the major highways interconnecting the country have become express roads to the graves, promises by successive administrations to rejuvenate the rail transportation system remain unfulfilled. This could certainly pose a daunting challenge to products’ delivery time. Added to this is the inefficient postal system in the country.

    Innovative payment method

    Payment for online transaction should be electronic. Online stores should be web-enabled. When orders are placed on amazon.com for instance, payments are made instantly. Operators should work closely with electronic payment firms like Interswitch, eTrazact and others to device a way payment could be made within the comfort of one’s living room in a seamless and secure manner.

    Combat online insecurity

    Nigerians are still anxious about the security of their online information, especially without an enabling law to punish people who breach the cyberspace.

    Managing Director, New Horizons Nigeria, Tim Akano said security has always been taken with levity in the country, arguing that this will make breach an easy task by the large pool of unemployed smart graduates.

    “IT security is already a major concern globally. In Nigeria, where IT security is usually handled with levity, with more young people acquiring IT skills and with little opportunity to earn a decent income due to poor infrastructure, that will make them transit to technopreneure. These youths will turn to vulnerable banks, universities, government agencies and other corporate organisations to earn huge income by hacking into their database and selling it for handsome fees in the booming online black market,” he said.

    He identified malware, ransomware, advanced persistent threats, spear phishing, social network attacks, cyber attacks on banks and telecoms, and cloud backlash as new threats to watch this year.