The Cyber Security Experts Association of Nigeria (CSEAN), an umbrella body of all cyber security professionals in Nigeria has highlighted all the factors that will contribute to 2024 cyber security threats in the country.
In an 11-page report titled ‘National Cyber Threat Forecast 2024’, CSEAN noted that the global landscape witnessed a substantial rise in cyber-attacks, with notable incidents involving ransomware, credential and information stealer malware, and website defacement.
Nigeria, like many other countries, faced its share of these challenges in 2023. The report drew insights from diverse sources, including cyber threat reports, and incident analyses, and equally collected and analysed data from various sources, including cybersecurity professionals in the country, 2022 and 2023 threat trends, to present the forecast of cyber threats for 2024.
The report was co-authored by Oluwafemi Osho, John Odumesi, Hamzat Lateef, Olajumoke Oloyede and Jonathan Ayodele, who are members of the Directorate of Research and Development at the Cyber Security Experts Association of Nigeria.
Below from left, Oluwafemi Osho, Jonathan Ayodele and Hamzat Lateef
In anticipating the road ahead, the CSEAN National Cyber Threat Forecasts 2024 points to a continued surge in mis/disinformation, ransomware attacks, attacks against vulnerable government’s online assets, crypto scams, benefit and employment scams, information and credential theft, AI-enabled threats, impersonation scams, insider threats, cyber hacktivism, and web defacement.
As predicted in the CSEAN National Cyber Threat Forecasts for 2023, Nigeria experienced a deluge of fake news in the periods leading up to and during the 2023 general elections. In 2024, the persistent issue of misinformation and disinformation is expected to continue.
The ease of spreading false information through digital platforms, mainly social media, makes it a prevalent issue that extends beyond politics, impacting social stability and national security. Practical measures, including stringent fact-checking, public education campaigns, and regulatory actions, are necessary to curb the spread of false information.
These efforts require collaboration between individuals, tech companies, and governmental bodies to ensure a well-informed public and a secure digital environment in Nigeria.
In 2023, the cybersecurity sector in Nigeria experienced a dramatic rise in ransomware attacks, establishing it as the primary cyber threat of the year.
This increase was fueled by the widespread availability of ransomware-as-a-service, which allowed even those with minimal technical expertise to launch sophisticated cyberattacks.
For 2024, the forecast indicates an increase in ransomware attacks in Nigeria, impacting both public and private entities.
The accessibility of ransomware-as-a-service and the success of previous campaigns suggest a persistent and growing threat. To mitigate this, organisations are urged to update software and systems regularly, avoid unauthorised software, implement strong monitoring practices, and swiftly patch security flaws.
The vulnerability of many Nigerian government online assets to common exploits is expected to persist in 2024, continuing the trend observed in 2023.
The availability of public exploit code for these vulnerabilities makes them attractive targets for threat actors, often serving as initial entry points for malicious attacks.
Regularly patching known vulnerabilities is critical to prevent malicious actors’ exploitation. Additionally, implementing robust cybersecurity protocols, including proactive monitoring and intrusion detection systems.
With the Central Bank of Nigeria (CBN) lifting restrictions on banks facilitating cryptocurrency transactions, 2024 is poised to be a pivotal year for the crypto landscape in Nigeria.
This decision opens the door for an influx of cryptocurrency service providers, significantly increasing market accessibility.
However, this development also sets the stage for a potential rise in crypto scams. The combination of heightened market accessibility, a large, eager investor base, and the complexities in effectively regulating and monitoring crypto transactions creates an environment ripe for the proliferation of crypto scams in Nigeria.
This situation necessitates urgent and concerted efforts to implement robust educational campaigns, enhance security measures, and establish vigilant regulatory frameworks.
In 2024, Nigeria can be expected to witness a surge in employment and benefit scams, a trend that has been prevalent in 2023.
These scams often lure victims with promises of financial inducements and part-time job offers, primarily disseminated through various digital platforms.
The anticipated increase in these scams in 2024 can be attributed to Nigeria’s challenging economic situation, which may drive more individuals to seek financial opportunities online. Several measures are crucial to counter this rising threat.
These include public awareness campaigns, improved monitoring and vetting by digital platforms, law enforcement collaboration for reporting and prosecution, and promoting safe job search practices with thorough recruiter verification and caution against sharing personal details or making payments.
Nigeria’s cybersecurity arena, in 2023, experienced a dramatic increase in information and credential theft, marked by advanced malware attacks.
These attacks, characterized by high sophistication, were a significant step up from previous challenges. Managed Security Service Providers (MSSPs) and Security Operations Centers (SOCs) encountered numerous cases involving potent malware variants like RedLine, Racoon, and Lumba, adept at evading traditional cybersecurity measures.
The forecast for 2024 suggests a continuation and escalation of these threats, with sophisticated malware attacks expected to rise. A robust and comprehensive cybersecurity approach is crucial to counter this growing menace.
The forecast envisage an increase in the use of AI for malicious purposes in 2024. Attackers will leverage the capabilities of AI to enhance the efficiency and effectiveness of their cyber-criminal activities.
This will manifest in more personalized phishing attacks, personalised malware, automated large-scale attacks, and sophisticated social engineering attacks.
To mitigate AI exploitation for cybercrimes, individuals should stay informed and practice cybersecurity hygiene. Organisations must invest in AI-driven security solutions and staff training.
Governments should enforce robust cyber laws, support research in AI security, and foster public-private partnerships for sharing intelligence and best practices in cybersecurity. In 2024, Nigeria is poised to continue facing the challenge of impersonation scams.
These scams involve creating fake websites and social media profiles, using the names and images of well-known figures to deceive the public. Public awareness campaigns and educating people on recognizing and reporting such scams are crucial to combating impersonation scams.
Social media platforms and web-sites must enforce stricter verification processes for profiles claiming organisational or individual identities.
Additionally, collaboration with law enforcement will be vital in ad-dressing and legally pursuing these frauds.
The forecast predict Nigeria will face an upsurge in insider threats in 2024. Amid these economic hardships, cybercrime has become an increasingly attractive option, offering substantial illegal earnings. Businesses and organisations must adopt various measures to combat this growing threat.
These include increasing employee pay to better align with the cost of living, offering financial incentives for loyalty, conducting ethics training emphasizing cybersecurity responsibilities, monitoring employee behaviour, and implementing robust cybersecurity protocols like multifactor authentication.
In light of the events of 2023, where Nigeria witnessed the disruptive force of cyber hacktivism following the coup d’état in Niger, it is highly likely that 2024 will see an in-crease in similar activities. To mitigate this escalating threat of cyber hacktivism in 2024, Nigeria must adopt a multi-faceted approach.
Strengthening cybersecurity infrastructure is paramount. This involves investing in advanced security technologies and enhancing the capability of cybersecurity personnel.
Looking ahead to 2024, the forecast suggests an escalation in the severity and frequency of web defacement incidents, affecting a diverse range of industries.
The high incidence of attacks on academic institutions highlights the urgent need for all sectors, especially education, to reassess and bolster their cybersecurity measures.
Commenting on the report, Mr. Ade Shoyinka, the president of the Cyber Security Experts Association of Nigeria, emphasized the need for collaboration between public and private sectors, the adoption of updated computing resources, and a commitment to cybersecurity best practices are imperative. In essence, the evolving digital threats demand a united front.
Organisations, irrespective of sector, must strengthen their defences, invest in cutting-edge technologies, and prioritize education to mitigate vulnerabilities. As we navigate the uncertainties of 2024, a shared commitment to cybersecurity resilience will be the cornerstone of a secure and resilient digital future
The full report can be accessed here.
Comments 1