On December 21 2021, the Economic and Financial Crimes Commission (EFCC) released a statement that the Kano Command of the Commission arrested a suspect at the Mallam Aminu Kano International Airport with 576 ATM cards.
This happened barely two hours after the EFCC secured the conviction of three smugglers – arrested with 1,144 ATM Cards at the same airport.
It is becoming clear that cybercrime is no longer the exclusive preserve of the southern part of Nigeria; with Lagos notoriously known as the “cybercrime capital of West Africa”, the crime is fast spreading like wild fire to other parts of the country.
The year 2021 witnessed massive cyberattacks that affected private organisations, government agencies, individuals, and supply chains globally. Nigeria had its fair share of cyberattacks and compromise albeit largely underreported.
On December 9, an acute Remote Code Execution (RCE) vulnerability was reported in the Apache logging package Log4j 2 versions 2.14.1 that shook the internet.
By December 10, more than 3.7 million hacking attempts had been made to exploit the vulnerability, according to leading cybersecurity firm Checkpoint, with more than 46% conducted by known malicious groups.
2022 is expected to witness an escalation in cyberattacks and cybercrime from what we witnessed in 2021.
The 2022 Nigeria Cybersecurity Threat Landscape enunciated here is based on cybersecurity trends in Nigeria and around the world, coupled with insights from leaders and global experts who assess the evolving cyber environment and the security threats we currently face.
From Ransomware and Business Email Compromise (BEC) scams to deepfakes, these predictions are based on existing trends while incorporating the behaviour of cybercriminals and changing technological innovations.
The year 2021 witnessed unprecedented Ransomware attacks with the rise of Ransomware-as-a-Service (RaaS) groups on the Darkweb. The average amount of reported Ransomware transactions per month in 2021 was $102.3 million, according to FinCEN Report.
Approximately 37% of global organizations said they were victims of some form of a Ransomware attack in 2021, according to IDC’s “2021 Ransomware Study.”
In 2022, the Ransomware threat and level of severity of ransomware attacks will grow. With Ransomware becoming the new digital pandemic, we expect to see the highest reported ransom paid by organisations in 2022 and disruption of service with maximum impact in terms of financial loss.
The loss would not only be calculated based on ransom paid, but in terms of financial losses due to service unavailability, loss of market share, and a drop in stakeholder confidence, amongst other factors.
As the 2023 Nigeria general elections draw nearer, the use of Deepfakes and fake news will rise in 2022. Deepfakes are videos, images, or audio recordings that are manipulated by AI technology.
In a deepfake, an individual can be presented as saying or doing something that didn’t happen. Deepfakes are typically used to slander targets, manipulate events, falsify statements, or evidence, and create scandals. They’re made with artificial intelligence software that maps targeted people’s faces into scenes and onto other people’s bodies, or otherwise manipulate parts of videos.
The Deepfakes threat has also been used to facilitate business email compromise (BEC) fraud, bypass Multi-Factor Authentication (MFA) protocols, and Know Your Customer (KYC) ID verification, and will be increasingly used in 2022 and beyond.
Closely related to Deepfakes is Fake news. Fake news has become a new attack vector in the past few years.
Throughout 2021, misinformation was spread about the COVID-19 pandemic, and vaccination information with the black market for fake vaccine certificates and fake PCR test results expanding globally, with several countries recording fake vaccine and test certificates for travellers. Fake ‘vaccine passport’ certificates are now on sale for $100-120 in the darkweb.
In 2022, cybercriminal groups will continue to leverage these types of fake news campaigns and fake covid documents to execute cybercrime through various phishing attacks and scams. Other likely effects of the election season are website defacement, DDoS attacks, spear phishing, and BEC.
The growth of cloud adoption through 2022 will coincide with the increase of cloud compromise and abuse. As organizations continue to rely on the cloud and cloud-hosted third-party providers, those third parties face mounting pressure to maintain confidentiality, integrity, and availability of customers’ data.
Cloud security misconfiguration and supply chain attacks will rank among the top cyber threats in 2022. Towards the end of 2020, there was a devastating SolarWinds breach and in July 2021, the REvil ransomware gang exploited a Zero Day in Kaseya VSA to launch a supply-chain attack on its customers.
Neither of these attacks occurred in isolation. In 2022, we can expect that cybercrime gangs will continue to seek ways to hijack the digital transformation of organisations to deploy malicious code, infiltrate networks, and gain persistence in systems all over the world.
Insider threats pose a serious challenge for banks and other financial institutions in Nigeria. Collusion between trusted insiders and cybercriminals will continue to increase in 2022.
The majority of frauds in the banking sector were perpetrated through insider information leaks. Fake alerts, sim swap scams, ATM card clones, use of ATM skimmers, and the likes, are highly successful when a bank insider is involved.
An insider threat is a malicious threat that comes from people within the organisation, such as employees, former employees, contractors, or business associates, who have privileged information concerning the organisation’s mode of operations and access to confidential information, which can assist cybercriminals to compromise the organisation or its customers.
According to a report by Abnormal Security in August 2021, a Nigeria-based ransomware gang was conducting a campaign that dangles a $1 million bribe, or a portion of any ransom collected to employees of targeted organisations if they will install ransomware on their corporate network.
It is expected that this kind of baits will be taken by more insiders in 2022 as inflation and other economic ills make life tougher for the average Nigerian.
The shift to remote work has moved from a temporary measure to help curb the spread of the virus to a more permanent strategy for many businesses.
A global survey conducted by Gartner found that 88% of organisations all over the world mandated or encouraged all their employees to work from home as the coronavirus started to spread at exponential rates. Furthermore, about 97% of the organizations immediately cancelled all work-related travel.
According to Gartner, almost 50% of employees will continue to work remotely post COVID-19. With the Omicron covid variant spreading globally, remote working will continue to be the preferred option for a very long time. Remote work will also continue to be exploited by cybercriminals in 2022.
This will come in form of phishing, man-in-the-middle attacks, malware attacks, and session hijacking.
Remote working has reshaped the threat landscape and has created new opportunities for attackers to change their approaches; and we expect this to get worse in the New Year. With more attackers entering the market with malware-as-a-service campaigns, bad actors will continue to target the essential tools that the virtual workforce is using.
These include Virtual Private Networks (VPN); which have weak security, exposed servers, and exchange email services and web applications.
Attackers will continue to exploit these servers and services or brute force them due to inefficient hardening practices.
Remi Afon is the President, Cyber Security Experts Association of Nigeria (CSEAN)