NOVA Bank has attained the globally recognized ISO 27032 Cybersecurity Standard certification.
This certification positions NOVA Bank among the elite financial institutions in Nigeria.
The ISO 27032 certification focuses on fortifying cybersecurity measures, ensuring robust protection for data, systems, and online transactions amid an ever-evolving cyber threat landscape.
In addition to this achievement, NOVA Bank is already certified in ISO 27001 for Information Security Management and BCMS 22301 for Business Continuity Management, further underscoring its dedication to operational excellence and security.
Commenting on the certification, Chinwe Iloghalu, acting managing director and chief executive of NOVA Bank, described the certification as a pivotal moment for the Bank and its customers.
“This certification underscores NOVA Bank’s unwavering dedication to maintaining the highest global standards in cybersecurity.
“As we continue to innovate with customer-centric retail products, cybersecurity remains at the heart of our operations. Our customers can rest assured that their data and transactions are protected by some of the most advanced security frameworks in the industry.
Trust is built on security, and NOVA is committed to providing a secure, reliable, and innovative banking experience,” Iloghalu stated.
Dr. David Isavwe, the Bank’s executive director for Operations and Information Technology, who also serves as the president and chairman of the Board of Trustees for the Information Security Society of Africa, Nigeria (ISSAN), emphasised the broader implications of the certification.
“The ISO 27032 certification highlights NOVA Bank’s proactive approach to addressing cybersecurity challenges. It demonstrates our readiness to protect against evolving threats and our ability to adapt to the dynamic landscape of digital banking.
This certification reinforces our commitment to delivering secure and uninterrupted services to our valued customers,” he stated.
This milestone aligns with NOVA Bank’s overarching strategy of integrating cutting-edge technology with its trademarked Phygital model—seamlessly blending physical and digital banking experiences, while maintaining an unwavering focus on customer trust and satisfaction.
As the bank prepares to launch a series of innovative retail banking products, this certification highlights its dedication to prioritizing cybersecurity, ensuring a secure and seamless banking experience for all its customers.
With Black Friday and Cyber Monday around the corner, we’re entering a high-risk period for cybersecurity.
A recent Sophos report highlights that malicious emails were the second most common root cause of ransomware attacks in critical sectors, responsible for 25% of cases.
During peak shopping days, this threat intensifies.
Here’s what happens: with the surge in online deals, more employees may be shopping from their work computers, feeling that Cyber Monday is a legitimate time to do so.
This increases the risk of them clicking more freely and potentially exposing the organization to malicious links or phishing attacks.
To keep your organization safe, encourage your team to follow these simple tips by Sophos:
1. Use an ad blocker –
Advertisements not only track your every movement and collect enough information on your habits to make the FBI blush; they are also a major source of malicious links and deceptive content on the internet. With an ad blocker, your browsing is not only safer but also faster and uses less bandwidth. Two of our favorites are uBlock Origin and Ghostery.
2. Use private browsing or incognito mode –
To prevent your shopping habits and interests from following you around from site to site (and potentially revealing what gifts you might be purchasing to others using your device, bonus!), you should enable private browsing (Firefox) or incognito mode (Chrome).
This will block tracking cookies and help the internet forget your travels as the waves wash away your footprints in the sand.
3. Make your browser “privacy smart” –
The Electronic Frontier Foundation (EFF) provides a browser extension called Privacy Badger designed to automatically make all the right choices around browsing whilst maintaining our privacy and blocking invisible trackers.
4. Avoid using one account on multiple services –
When logging into an e-commerce site it is often tempting to use the “Sign in with Facebook” or “Sign in with Google” button. While it takes a few more minutes to create a new login, it will provide more privacy as you are not sharing all of the sites you shop at with these tech giants.
5. Use guest login when available –
Besides letting you sign in with an account from another website, many sites offer a guest checkout option rather than requiring a new account. This is a great option if you don’t expect to need technical support or to do business on a recurring basis. Fewer passwords, fewer personal details, fewer problems if they get hacked.
6. Don’t save card details –
Many e-commerce sites will default to storing your credit card information in your profile for your “convenience” (or their hope you’ll shop there again). They can’t lose what they don’t have, so tell them not to store your credit card unless it is absolutely necessary.
7. Use temporary card numbers –
Many financial institutions now offer temporary or one-time use credit card numbers. You can open the app on your phone or in your browser and get a single-use disposable credit card number preventing card fraud and tracking when merchants share card processors. Sometimes you’re even able to specify a card limit per temporary number to further protect your account.
8. Use credit, not debit –
All of us need to be wary of overspending during the holidays, but it is best to leave the debit card at home. Credit cards offer significantly more protection against online fraud, and you are in the power position in a dispute. You can simply not pay your bill while disputing the charge, rather than having criminals directly drain your bank account of your hard-earned cash.
9. Beware of direct messages via social media/chat apps –
With modern generative AI technology it is almost trivial to create an entire fake online store and lure people to share their personal information and payment data with you. It’s safest to shop at established sites or those personally recommended to you by friends and family. Many unsolicited messages lead to data collection or theft.
10. Don’t click deals in email that look too good to be true or that come from businesses you don’t have accounts with – these could be phishing emails hoping to bait you into clicking links to bogus, malicious websites.
This season, small steps can make a big difference in protecting against cyber threats during Black Friday and Cyber Monday.
This initiative aims to create a safer digital environment by equipping parents, teachers, and guardians with the knowledge and tools needed to help young people safely navigate TikTok and the broader digital landscape.
The #SaferTogether efforts, launched in 2022, have already made significant strides in improving digital safety awareness across Nigeria. Phase 1 focused on educating 537 teachers and 1,037 parents in major cities such as Abuja, Lagos, and Kano on TikTok’s safety features and promoting positive mental health in digital environments.
Building on the success of Phase 1, Phase 2 will expand with the inclusion of NITDA as a strategic partner.
This partnership aligns with NITDA’s mission to foster digital literacy, enhance technology infrastructure, and support inclusive access to digital tools and services.
Together, TikTok, NITDA, and DSN are committed to making Nigerian cyberspace safer for all while strengthening cybersecurity and digital trust.
Phase 2 of the #SaferTogether campaign will extend its reach to more regions, including participation from Edo and Kaduna, covering topics such as misinformation, cyberbullying, sexting, digital citizenship, fake news, child sexual violence, and data protection.
A cross section of participants
These workshops will engage a broad range of stakeholders, including civil society organizations, government representatives, community leaders, parents, teachers, and guardians.
Fortune Mgwili-Sibanda, TikTok’s Government Relations and Public Policy Director for Africa, underscored TikTok’s steadfast commitment to user safety:
“We believe that empowering parents, teachers, and guardians with digital literacy skills is not just about protecting users—it is about enabling an informed community to actively shape a safer digital environment for everyone. Our dedication to community safety remains unwavering, and through local partnerships, like our collaboration with DSN, we are extending these educational resources beyond our platform, building a resilient and knowledgeable online community.”
DSN will develop content and curriculum for Phase 2, guided by TikTok’s Trust and Safety team to highlight TikTok’s safety tools and features.
“The digital world is now part of our daily lives for learning, engagement, and socializing. We have a shared responsibility to make this space safer, and we are excited to continue with the Safer Together campaign, providing parents, teachers and guardians with essential insights on digital wellness.”
TikTok offers resources for parents and guardians through its centralized Safety Centre and Guardian’s Guide, providing updated information on best practices for digital safety.
Obafemi Banigbe, CEO of 9mobile, recently shared his expertise at the Alliance for Innovative Regulation (AIR) virtual conference, tackling the pressing issue of digital payment fraud in West Africa.
His perspectives offered valuable insights into combating identity theft, a major threat to the security of electronic money transfers in Africa.
Speaking as a panelist in a session moderated by Nick Cook, the chief innovation officer at AIR, Banigbe outlined how telcos play a pivotal role in protecting financial transactions.
“Fraud is fundamentally a human challenge, not just a technological one,” he remarked, emphasising that identity theft remains central to electronic money transfer fraud and requires a community-driven, human-centred approach.
He emphasized the critical role of telecommunications companies as guardians of security in the financial ecosystem.
He outlined the proactive measures 9mobile and other telcos are taking to fortify financial systems, focusing on several key areas. Banigbe highlighted the integration of Know Your Customer (KYC) systems, which leverage collaborations with national ID databases, banking records, and mobile number registries to enhance customer verification.
He also stressed the importance of robust security tools, including SIM registration, biometric authentication (fingerprint and facial recognition), and One-Time Password (OTP)-based authentication. These measures, he said, collectively strengthen verification processes, ensuring a more secure financial ecosystem.
Banigbe reiterated the importance of partnerships between financial institutions and payment platforms. These collaborations enable the secure sharing of intelligence, ensuring compliance with data protection laws. This, in turn, facilitates the detection of suspicious activities while maintaining privacy.
He also highlighted the need to address delays in fraud tracking. To achieve this, he advocated for the deployment of real-time blacklisting mechanisms. This would enable swift action on reported incidents, preventing fraudsters from exploiting time gaps.
While highlighting the need for industry-wide collaboration, Banigbe pointed to the cost-effectiveness of shared investments in advanced security architecture.
“No single organisation can tackle this alone. A united effort among telcos, financial institutions, and regulators is key to safeguarding our financial systems,” he asserted.
The panel discussion, which featured other notable speakers, including Ikenna Ndugbu (Moniepoint), Sheila Senfuma (Consumers International), and Modupe Ladipo (Prosperar Consulting), explored diverse aspects of combating digital payment fraud.
They discussed the role of robust compliance frameworks and transaction monitoring tools; addressed accessibility challenges for vulnerable populations, including people with disabilities such as visual impairment, which can prevent them from attaining baseline financial literacy; highlighted the specific vulnerabilities faced by women in informal financial systems; and advocated for culturally sensitive financial inclusion strategies.
Banigbe further remarked on the need for proper access control within organisations, since internal staff colluding with external fraudsters can weaken otherwise sound security systems.
“Regulating access will help prevent fraudulent activities within organisations,” he said, pointing to the need for stronger internal controls to safeguard sensitive processes.
He spotlighted the crucial role of telcos in creating a secure and inclusive digital financial ecosystem. Collaboration, Banigbe stressed, is essential to achieving lasting results in the fight against fraud. “It is an ecosystem, and there should be a joint effort to enlighten the public on digital payment fraud and advocate for victims of fraud,” he concluded, calling for unified action among telcos, financial institutions, and regulators.
With over 100 participants attending the conference, the collective commitment to combat digital payment fraud is evident.
Discussions continue to focus on leveraging technology, driving public awareness, and strengthening collaborative frameworks to address the pervasive threat of identity theft.
British businesses have suffered £44 billion ($55.08 billion) in revenue losses over the past five years due to cyberattacks, with more than half of private sector companies falling victim to these incidents.
This was revealed in a report by insurance broker Howden, based on a survey conducted in September.
Financial Toll on Companies
Cyberattacks have eroded approximately 1.9% of revenue on average for affected companies. The report noted that businesses with annual revenues exceeding £100 million are at greater risk, stressing the financial vulnerabilities of larger enterprises in the face of rising cyber threats.
Leading Causes of Cyberattacks
The report identified email compromises and data theft as the primary methods used by cybercriminals.
Compromised emails accounted for 20% of attacks, while data theft was responsible for 18%, leaving companies exposed to both financial and reputational damages.
Alarming Cybersecurity Gaps
Although there are growing risks, the survey found significant gaps in cybersecurity measures among businesses.
Only 61% of companies reported using anti-virus software, and just 55% had network firewalls in place. Barriers such as high costs and limited internal IT resources were noted as reasons for the inadequate adoption of protective technologies.
Sarah Neild, Howden’s head of UK cyber retail, spoke on the urgency of addressing these vulnerabilities. “Cybercrime is on the rise, with malicious actors exploiting weak spots as companies increasingly depend on technology for their operations,” she said, calling for assertive measures to mitigate the growing risks.
As the world becomes more digital, businesses face increasingly sophisticated cyberattacks, and the combination of inadequate defences and growing reliance on technology leaves organisations exposed to them.
Steps to Strengthen Cybersecurity
To counter these threats, businesses are advised to:
Invest in Solid Defences: Allocate budgets for advanced cybersecurity tools like firewalls, anti-virus systems, and real-time monitoring.
Enhance Workforce Preparedness: Conduct regular training sessions to help employees identify and respond to threats effectively.
Perform Routine Security Audits: Regularly assess systems to identify vulnerabilities and implement necessary updates.
The survey, conducted by YouGov among 905 IT decision-makers in the UK’s private sector, warns businesses to prioritise cybersecurity or risk further financial and operational harm.
Fraud continues to threaten Nigeria’s financial sector, with alarming statistics revealing the scale of the problem.
In Q2 2024 alone, over 11,500 fraud cases were reported, involving ₦56.3 billion, marking a 1,784.94% increase in the total amount involved compared to Q1, according to the Financial Institutions Training Centre (FITC).
Total losses increased to ₦42.6 billion, an 8,993.04% increase from the preceding quarter.
Mobile, web, and POS-related fraud remain the most prevalent types, with cybercriminal activities involving external actors increasing by 5.20% and staff involvement in fraud cases rising sharply by 23.40% from Q1 to Q2 2024.
But PalmPay is not sitting back on this. The fintech platform is stepping up to raise awareness of the urgent need for collective action to fight fraud and secure Nigeria’s financial systems.
PalmPay’s Initiative Against Fraud
In commemoration of the 2024 International Fraud Awareness Week, PalmPay, a leading digital financial platform in Nigeria, organised a community walk on 22 November in Lagos.
Themed “United Against Fraud: Building a Safer Future”, the initiative aimed to educate the public on fraud prevention and digital security.
PalmPay Anti-Fraud Walk
Addressing participants, PalmPay’s managing director, Chika Nwosu, noted the importance of tackling fraud collaboratively:
“Fraud is more than just a crime—it is a systemic threat that undermines trust, compromises security, and disrupts progress. Its effects are far-reaching, impacting personal livelihoods and the integrity of businesses.”
He further highlighted the growing sophistication of fraudsters, leveraging vulnerabilities in digital payment platforms:
“Recent statistics from the Financial Institutions Training Centre (FITC) reveal that over 11,500 fraud cases were reported in Q2 2024—a stark reminder of the growing sophistication and persistence of these threats. These figures are more than numbers; they represent real people whose trust has been broken and whose finances have been compromised.”
Educating the Public on Fraud Prevention
During the event, PalmPay reiterated the lessons for fraud prevention, including safeguarding personal information, verifying suspicious emails, and refraining from disclosing sensitive information, even to close family members.
He stated: “You don’t need to open suspicious links. Verify them first. Once you have a suspicious email, report it and ask questions. We have built a robust system that cannot be penetrated by fraudsters, but the public must also avoid compromising their identity.”
PalmPay also stressed the importance of educating underserved communities where ATMs are frequently unavailable. According to a recent survey by the NDIC, 70% of ATMs in urban areas experience cash shortages, with rural areas facing even higher challenges.
“POS agents play a necessary role in bridging the gap in financial inclusion. While ATMs are limited by cost and location, agency banking ensures that financial services are accessible, even in remote villages.”
PalmPay Emphasises Collaboration with Stakeholders
PalmPay reiterated its focus on fraud prevention through strong collaboration with law enforcement agencies such as the EFCC and the Nigerian Police Force.
“We maintain a close relationship with all security agencies. Whenever there is an issue, we provide them with the necessary information promptly to address fraudulent activities,” Nwosu explained.
“Together, we can create an environment where individuals and businesses can thrive without fear, knowing that trust and security are at the heart of our digital world.”
PalmPay affirmed its intention to extend such campaigns nationwide, strengthening its mission to build a safer and more inclusive financial ecosystem.
Key stakeholders from the government and private sector recently gathered in Abuja and Lagos at the Nigeria Cybersecurity Stakeholder Roundtable organised with support from the UK’s Department for Business and Trade (DBT) to discuss practical steps to address the country’s cybersecurity challenges.
The roundtable brought together top cybersecurity and tech experts from diverse sectors to engage in critical deliberations on current and emerging digital security issues. It emphasised the critical role of collaboration and information sharing in addressing Nigeria’s cybersecurity challenges, with the following objectives:
Foster a synergized approach to addressing Nigeria’s cybersecurity challenges, leveraging the collective expertise of participants.
Establish a platform for continuous collaboration and knowledge exchange among stakeholders from various sectors to enhance cybersecurity practices.
Identify and assess cross-cutting needs and challenges across regulatory, supply, and demand sides, to inform future cybersecurity strategies and policies.
Create a platform that enables demand and supply side actors to have visibility and access to state-of-the-art cybersecurity solutions that benefit all.
Key takeaways from the roundtable include the importance of public-private partnerships in combating cyber threats, the need for continuous education and training for cybersecurity professionals, the development of effective strategies to combat cybercrime and the promotion of cybersecurity awareness among individuals and organisations.
R-L: UK’s FCDO West Africa Cyber Lead, James Carroll; Country Director for the UK’s Department for Business and Trade (UKDBT) in Nigeria, Mark Smithson; National Commissioner/CEO, National Data Protection Commission (NDPC), Dr. Vincent Olatunji; Director General, National Information Technology Development Agency (NITDA), Kashifu Inuwa Abdullahi; Deputy Country Director & Trade Adviser Defence and Security UKDBT, Morayo Adekunle; Chair of the African Union Cyber Security Expert Group (AUCSEG), Abdul-Hakeem Ajijola; Security Architect and Technical Lead, World Bank/FGN Digital Identification for Development (ID4D) Project, Chinenye Chizea; and Country Manager Tech4Dev, Micheal John, at the Cybersecurity Roundtable hosted at the Nigeria Exchange Group, with the theme Strengthening Nigeria’s Cybersecurity Landscape, in Abuja recently.
Commenting, Mark Smithson, country director for the UK’s Department for Business and Trade (DBT) in Nigeria, said:
“As a recognised global leader in cyber security innovation across a range of applications, the UK is uniquely placed to partner with Nigeria to raise awareness and tackle emerging threats and cybersecurity challenges affecting our two countries.”
Speaking at the event, Kashifu Inuwa Abdullahi, the director general of the National Information Technology Development Agency (NITDA), stated:
“Cybersecurity is a shared responsibility that requires coordinated action at every level. Together, we must take proactive steps to safeguard our digital sovereignty, protect our critical information assets, and build a resilient, secure future for all.”
Haruna Jalo-Waziri, the chief executive officer, Central Securities Clearing System (CSCS) Plc, emphasised:
“As we all know, cyber threats are becoming more sophisticated, diverse, and pervasive. Here in Nigeria, businesses face an alarming volume of attacks, with financial services being particularly vulnerable. Addressing these emerging threats demands a security culture rooted in continuous education and awareness. Cybersecurity is not a challenge any organization can tackle in isolation; it requires coordinated efforts, cross-industry partnerships, and a collective commitment to protecting our digital future.”
He also commended the event organisers, saying,
“I extend my gratitude to the UK Department for Business and Trade, the Office of the National Security Adviser, NITDA, NGX, the National Data Protection Commission, and Tech4Dev for organizing this roundtable outside of Cybersecurity Awareness Month. This setting offers a unique and invaluable opportunity to deepen our discussions on pivotal areas in cybersecurity.”
Also speaking on the need for robust cybersecurity frameworks in Lagos, Jude Chiemeka, the chief executive officer of Nigerian Exchange Limited, stressed that such measures are essential to unlock growth potential and restore investor confidence in Nigeria’s digital future.
“Cybersecurity threats present a serious economic risk that could undermine Nigeria’s vision as Africa’s digital powerhouse,” he said, highlighting the concerning impact on Nigerian banks, which lost ₦14.65 billion ($33 million) to electronic fraud in 2021, a 187% increase from the previous year.
Sophos X-Ops researchers offer tips on how to protect yourself
Sophos, a global leader in innovative security solutions for defeating cyberattacks, has released the results of Sophos X-Ops research on a new type of threat: quishing.
This new attack vector involves the use of fraudulent QR codes, emailed by threat actors, to bypass the phishing security measures put in place by companies.
The fraudulent QR code, embedded in a PDF document attached to an email, is presented as a message about payroll, employee benefits, or other official paperwork a business might send to an employee. Because a QR code is an image rather than a clickable link on the computer, the employee must scan it with their mobile phone.
The QR code links to a phishing page, which the employee may not recognize as malicious since phones usually are less protected than a computer.
The goal of the attackers is to capture employees’ passwords and their multi-factor authentication (MFA) tokens in order to access a company’s system by bypassing the security measures in place.
“We spent a considerable amount of time sifting through all the spam samples we had to find examples of quishing,” comments Andrew Brandt, principal researcher at Sophos X-Ops. “Our research has revealed that attacks that exploit this specific threat vector are intensifying, both in terms of volume and sophistication, especially when it comes to the appearance of the PDF document.”
In addition to features such as CAPTCHA bypasses or the generation of IP address proxies to bypass automated threat detection, these criminal organizations provide a sophisticated phishing platform that can capture the credentials or MFA tokens of targeted individuals.
To encourage organizations to better protect systems against this type of attack, Sophos X-Ops shares a list of recommendations:
Be vigilant about internal emails about HR topics, salaries or company benefits: Sophos X-Ops’ research has found that social engineering tricks exploit these themes to trick employees into scanning fraudulent QR codes from their mobile devices.
Install Sophos Intercept X for Mobile: Available on Android, iOS and Chrome OS, this solution includes a secure QR code scanner that helps identify known phishing websites and alerts the user if the URL is considered malicious.
Monitor risky sign-ins: Using identity management tools, organizations can detect unusual sign-in activity.
Enable Conditional Access: This feature helps enforce access controls based on the user’s location, device status and risk.
Enable effective access monitoring through detailed logging: this type of advanced monitoring gives better visibility of all access to the system so this type of threat can be detected in time.
Implement advanced email filtering: Sophos’ QR code phishing protection solution detects fraudulent QR codes included directly in emails and plans to expand its solution to QR codes in attachments as early as the first quarter of 2025.
Leverage on-demand email retrieval: Sophos Central Email customers who use Microsoft 365 have this feature to eliminate spam or phishing emails from corporate emails.
Encourage employees to be vigilant and report incidents: Prompt reporting of anomalies to the incident response team is essential to protect company systems from phishing.
Revoke suspicious user sessions: It is imperative to have a plan in place to revoke user access that shows signs of compromise.
Despite the continuous development of new attack vectors, organizations can protect themselves from compromised systems by equipping themselves with the right tools, fostering a security-aware culture and work environment, and working with security vendors like Sophos.
While consumers are no strangers to phishing emails, fraudulent SMS messages, and social media scams, the scale and complexity of cyberattacks aimed at critical sectors go far beyond these relatively simple threats.
Entire industries and governmental bodies face increasingly sophisticated attacks, which can cripple essential services, cause economic damage, and compromise sensitive data on a massive scale.
Understanding the sectors most frequently targeted by cybercriminals can offer insights into the breadth and nature of these threats, highlighting the need for vigilance, investment in security, and proactive measures.
According to data from the European Repository of Cyber Incidents (ERCI), critical infrastructure—facilities and services vital to the functioning of society—has become a prime target for cybercriminals. These infrastructures span everything from healthcare and finance to telecommunications and energy.
Let’s dive into the key sectors targeted by cybercrime, and take a closer look at the various cybersecurity challenges.
Critical infrastructure is the lifeblood of modern society, providing essential services that people rely on daily.
This makes it an attractive target for cybercriminals, who seek to disrupt, steal, or hold these services hostage in exchange for financial gains or other motives, such as political or ideological agendas.
In 2023, critical infrastructure was the most frequently attacked sector, according to ERCI. These cyber incidents range from ransomware attacks that lock systems until a ransom is paid to sophisticated breaches that steal sensitive data or cause system-wide disruptions. Statista’s report, based on ERCI data, emphasises just how much damage can be done when vital services come under attack.
Healthcare: 14.2% of critical infrastructure attacks
Among the sectors of critical infrastructure, healthcare stands out as a primary target. The healthcare industry, which includes hospitals, clinics, and other medical facilities, accounted for 14.2% of all attacks on critical infrastructure in 2023.
The motivations for targeting healthcare organisations vary but often involve ransomware attacks, theft of confidential patient records, and disruptions to healthcare services.
Ransomware is a particularly devastating tool in the arsenal of cybercriminals targeting healthcare organisations.
Attackers encrypt essential systems and files, demanding hefty sums to restore access. For healthcare providers, the stakes are incredibly high—lives can literally hang in the balance.
The disruption of care services, delays in medical treatment, and the potential exposure of personal healthcare information create a nightmare scenario for both patients and healthcare administrators.
One recent high-profile example involved the Clop ransomware gang, which targeted hospitals and healthcare organisations by exploiting vulnerabilities in widely-used file transfer software.
This attack paralysed hospital operations, forcing many to delay patient treatments or turn away non-emergency cases.
Financial organisations: 8.3% of attacks on critical infrastructure
The financial sector also remains a lucrative target for cybercriminals, accounting for 8.3% of attacks on critical infrastructure in 2023.
Financial institutions such as banks, insurance companies, and investment firms are natural targets because of the vast sums of money they manage, as well as the wealth of sensitive data they store.
Cyberattacks in this sector can take multiple forms, including:
Phishing attacks aimed at obtaining login credentials for online banking or investment platforms.
Distributed Denial of Service (DDoS) attacks that overwhelm a bank’s online services, making them inaccessible to customers.
Data breaches that expose personally identifiable information (PII) or financial details, leading to identity theft and other forms of fraud.
For instance, a well-coordinated attack on a large European bank this year resulted in a data breach that exposed millions of customer records. While the bank was quick to mitigate the breach, the reputational damage and financial loss were significant.
Telecommunications, transport, and energy sectors
The telecommunications, transport, and energy sectors also fall within the crosshairs of cybercriminals, with attacks occurring regularly in 2023. These sectors play crucial roles in ensuring that communication networks function, people and goods can move, and societies have access to power and fuel. A well-executed cyberattack against any one of these sectors can have far-reaching consequences.
Telecommunications companies have been hit by a combination of DDoS attacks, data breaches, and ransomware, often targeting critical communication infrastructure or sensitive customer data.
The transport sector, particularly airlines and rail systems, has seen an increase in cyberattacks aimed at disrupting logistics and operations.
The energy sector, including utilities providing electricity and fuel, remains a particularly worrying target because of the potential for large-scale blackouts or fuel supply disruptions. In 2023, several European energy companies reported being victims of cyberattacks designed to compromise operational systems and extort ransom payments.
State institutions and political systems: The second most common target
After critical infrastructure, state institutions and political systems are the next most common targets for cyberattacks, according to ERCI, with more than 450 reported incidents in 2023.
Cybercriminals, state-sponsored attackers, and hacktivist groups have increasingly turned their attention to government systems in pursuit of sensitive information or to sow chaos and disinformation.
State institutions often face spear-phishing campaigns, where government employees are tricked into giving up passwords or access to sensitive systems. Some attacks, particularly those backed by nation-states, aim to infiltrate defence systems, steal military secrets, or disrupt diplomatic communications.
Additionally, election interference and politically motivated attacks have continued to plague democratic systems.
Countries across Europe and North America have reported attempts to manipulate voter data or spread disinformation during elections.
These attacks often involve the exploitation of social media platforms and targeted disinformation campaigns designed to sow discord among the population or influence voting behaviour.
Cybersecurity strategies: How to stay ahead
With the relentless rise in cyberattacks, organisations and governments have been forced to adopt stronger cybersecurity measures.
The cyber threats facing critical infrastructure and state institutions have necessitated the following key strategies:
Enhanced Endpoint Security: With more devices connected to corporate and institutional networks than ever before, endpoint security is becoming a central focus. Advanced endpoint protection tools, powered by machine learning and AI, can detect and stop threats before they reach sensitive systems.
Zero Trust Architecture: As cyberattacks grow more sophisticated, many organisations are adopting Zero Trust models, which assume that no user or device—internal or external—can be trusted by default. Access is only granted after careful authentication, and users are continually monitored to ensure they pose no risk to the system.
Backup and Disaster Recovery: For sectors like healthcare, where service disruption can be catastrophic, ensuring regular data backups and establishing robust disaster recovery plans are essential. Many ransomware victims have been able to recover more quickly thanks to having secure backups in place.
Cybersecurity Awareness Training: Human error continues to be a major vulnerability. Ongoing training programs help employees recognise phishing attempts, social engineering, and other tactics used by cybercriminals.
The increase in cyberattacks on critical infrastructure, state institutions, and political systems is a stark reminder that no sector is immune to the rising tide of cybercrime.
As attacks grow in frequency and sophistication, organisations must bolster their cybersecurity defences with proactive measures.
Whether through enhanced technology, stricter access controls, or comprehensive employee training, businesses and governments alike must stay vigilant to mitigate the ever-evolving threats posed by cybercriminals.
The ERCI figures serve as both a wake-up call and a roadmap for how industries can protect themselves against increasingly dangerous digital threats.
The FSCA’s Joint Standard on Cybersecurity and Cyber Resilience is set to commence in June 2025, putting pressure on South African financial institutions to align with the stringent requirements established by the Financial Sector Conduct Authority (FSCA) in collaboration with the South African Reserve Bank (SARB).
With South Africa’s financial sector being one of the country’s most targeted industries, the Joint Standard is designed to mitigate the growing risks posed by cyber threats, protecting both the institutions themselves and the broader financial system from disruptive cyber events.
This will affect organisations including, but not limited to, banks, mutual banks, insurers, retirement funds and fund administrators, and collective investment scheme managers.
Troye, a leading IT solutions provider and Arctic Wolf partner, is committed to helping financial institutions, and any other organisation required to comply, meet these demanding cybersecurity standards.
Through their collaboration with Arctic Wolf, Troye offers a range of tailored solutions to not only meet FSCA compliance requirements but also improve institutions’ overall cybersecurity resilience against evolving threats.
According to Helen Kruger, Troye CEO, the Joint Standard details several essential cybersecurity requirements that institutions must meet.
“A foundational requirement is for organisations to develop a comprehensive cybersecurity strategy tailored to their specific risk profile, size, and complexity,” Kruger said.
“This strategy must undergo regular review and updates to ensure continued effectiveness, and robust governance structures with clearly defined roles must be established, making management responsible for collaborating with other stakeholders to ensure cyber resilience,” she explains.
In addition to the strategy and operational aspect of cyber security, financial institutions will be required to implement stringent identity and access management protocols, application and system security policies, network security measures, security awareness training programs, incident response capabilities and more.
Regular testing of cyber resilience is another critical mandate, with institutions required to conduct ongoing vulnerability assessments, penetration testing, and cyber incident simulations to assess their readiness against potential threats.
Significant cybersecurity incidents must be promptly reported to relevant authorities, ensuring transparency and enabling swift regulatory responses.
With the deadline approaching, Kruger cautions that institutions must act decisively to achieve compliance and avoid serious regulatory consequences.
Troye’s partnership with Arctic Wolf offers financial institutions, and partners that may also need to comply, a path to meeting the FSCA’s rigorous standards. Leveraging Arctic Wolf’s cybersecurity operations and Troye’s local expertise in security solutions and red teaming exercises, institutions can transition into compliance while enhancing their cyber resilience.
Cyber Resilience Assessment (CRA)
Arctic Wolf provides all customers with a comprehensive CRA, which enables financial institutions to assess their cybersecurity readiness against industry standards such as NIST and CIS, identifying gaps to ensure regulatory compliance.
Managed Detection and Response (MDR)
Troye offers 24/7 MDR services that monitor network, endpoint, and cloud environments in real time. This proactive threat detection and response capability helps financial institutions mitigate potential cyber threats before they escalate, covering a large portion of the FSCA requirements from protection to detection, response and recovery.
Continuous Vulnerability Management
Troye also provides continuous vulnerability management, which identifies and addresses security gaps before they can be exploited. “Our services cover identity infrastructure monitoring and data loss prevention, aligning with FSCA requirements for robust access management and asset protection,” Kruger adds.
Incident Response and Real-Time Remediation
Arctic Wolf’s Incident Response services provide quick action in the event of a cyber incident, minimising disruption and damage. Customers collaborate with Arctic Wolf’s Concierge Security Team to develop pre-incident plans, ensuring that institutions are well-prepared for any cyber event.
“With Arctic Wolf’s Security Journey, Troye provides continuous compliance support to help institutions maintain alignment with the FSCA’s Joint Standard,” Kruger concludes. “This ongoing partnership ensures that businesses not only meet regulatory requirements but also stay ahead of emerging cyber threats through regular updates and best practices.”
As the FSCA’s Joint Standard on Cybersecurity and Cyber Resilience comes into force in 2025, financial institutions must prioritise compliance.
Chinese-linked hackers have infiltrated several major U.S. telecommunications networks, reportedly gaining prolonged access to critical wiretap systems utilised by law enforcement for surveillance, according to U.S. government sources.
This breach, confirmed in a recent statement by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), is a serious escalation in cyber espionage threats linked to the People’s Republic of China (PRC).
The FBI and CISA have outlined that PRC-affiliated hackers infiltrated networks across numerous telecommunications companies in the United States, though the specific names of these providers remain undisclosed.
However, sources such as The Wall Street Journal have noted that companies, including AT&T, Verizon, and Lumen Technologies, may have been impacted by the intrusion.
The breach allowed attackers to persist within these networks for an extended period, granting them access to large amounts of internet traffic involving millions of Americans and numerous businesses.
This sophisticated hacking operation, reportedly led by a China-backed group called “Salt Typhoon,” enabled attackers to intercept call records and also compromise private communications belonging to specific individuals.
The targeted individuals primarily include those engaged in political or governmental activities, though U.S. agencies have refrained from identifying these targets.
Reports reveal that PRC-linked actors previously targeted high-profile figures, such as Donald Trump and his running mate Senator JD Vance, pointing to the high stakes of this cyber campaign.
The breach also enabled the attackers to duplicate sensitive information subject to U.S. law enforcement requests. In compromising systems integral to fulfilling court-ordered surveillance, these hackers gained access to highly classified data, potentially undermining U.S. national security efforts.
This is the first confirmed instance of foreign hackers successfully breaching wiretap systems within U.S. telecommunication networks.
In response, the FBI and CISA have stepped up support for the affected providers, offering technical guidance and rapidly disseminating information to strengthen cybersecurity across the sector.
The agencies have urged any organisation suspecting an intrusion to contact its local FBI office or CISA for immediate assistance, stressing the need for strong defences as threats from state-backed actors grow.
The investigation aims to clarify the full scope of the breach, with authorities anticipating further developments.
This incident reveals the risks posed by state-sponsored cyber campaigns, particularly from PRC-affiliated entities, as the U.S. government works to secure its telecommunications infrastructure against future attacks.
The National Information Technology Development Agency (NITDA) has released a comprehensive advisory aimed at enhancing the security of WhatsApp accounts for Nigerian users.
The advisory provides guidance for both individual users and group administrators, detailing steps to prevent unauthorized access and respond to account breaches effectively.
This initiative is part of NITDA’s goal to safeguard digital platforms from cyber threats.
For WhatsApp Group Administrators
NITDA outlined steps that group administrators should take if a group member’s account gets hacked:
Remove the Hacked Account: To prevent unauthorized messages, admins are advised to immediately remove compromised accounts from the group.
Alert Group Members: Informing other group members about the hack and advising them to avoid suspicious links or messages is crucial.
Contact the Hacked Member: Admins should reach out to the affected individual through another platform to guide them on recovery options.
Advise on Account Recovery: Encourage the hacked member to use WhatsApp’s “Forgot PIN” or “Request Support” options to regain control.
Report the Hack to WhatsApp: If necessary, the compromised account can be reported to WhatsApp for further assistance.
These steps are designed to minimize the spread of malicious messages and reduce potential security risks for other group members.
For Individual WhatsApp Users
To protect personal WhatsApp accounts, NITDA recommends the following security measures:
Enable Two-Step Verification: Adding this extra layer of security can greatly reduce the risk of unauthorized access.
Exercise Caution with Links & Files: Avoid clicking on suspicious links or downloading files from unknown sources to prevent malware and phishing attacks.
Keep WhatsApp Updated: Regular updates ensure users benefit from the latest security features.
Control Privacy Settings: Adjust privacy options to manage who can view profile details, including the “last seen” status.
Never Share Verification Codes: Verification codes should remain confidential and not be shared, even with individuals claiming to be from WhatsApp.
Avoid Public Wi-Fi: Public networks can expose data to potential attacks; users should avoid using WhatsApp over unsecured Wi-Fi connections.
What to Do if Your Account is Hacked
In the unfortunate event of a hack, NITDA provides the following recovery steps:
Log Out of All Devices: Users should navigate to WhatsApp’s settings, disconnect unauthorized devices, and ensure only trusted devices are linked.
Re-Verify the Account: Reinstalling WhatsApp and requesting a new verification code can help regain access.
Enable Two-Step Verification: After regaining access, setting up two-step verification adds additional protection.
Inform Contacts: Notify friends and family to disregard suspicious messages from the hacked account.
Monitor for Suspicious Activity: Review recent messages for any unusual activity and report it to WhatsApp.
Contact WhatsApp Support: If recovery efforts fail, WhatsApp support can provide additional assistance.
The NITDA advisory aims to equip users with practical steps to secure their WhatsApp accounts against potential threats.
Following these guidelines will help users take decisive steps to protect their accounts, ensuring a safer digital presence.
The agency encourages all WhatsApp users to stay vigilant, secure their data, and act quickly if any suspicious activity is observed.
Privacy solution provider Privado.ai released its 2024 State of Website Privacy Report, which reveals that 75% of the 100 most visited websites in the U.S. and Europe are not compliant with current privacy regulations.
Despite stricter privacy enforcement in Europe, Privado found a surprising 74% of top websites in Europe do not honour opt-in consent as required by Europe’s General Data Protection Regulation (GDPR).
Although top websites in the U.S. had a similar non-compliance rate of 76% for not honouring opt-out consent as required by the California Privacy Rights Act (CPRA), Privado found the median volume of compliance risks to be 3X higher in the U.S.
The State of Website Privacy Report is based on data from Privado’s consent monitoring solution collected in September 2024. Privado.ai decided to launch this solution and release this report in response to increasing privacy fines in both the U.S. and Europe.
In the US, at least 10 companies since 2022 have been fined for violating consent compliance on websites as regulated by CPRA, the FTC (Federal Trade Commission), or HIPAA (Health Insurance Portability and Accountability Act).
With fines mounting and consumers demanding greater privacy, personal data sharing from websites has become a major legal risk for companies worldwide.
State of Website Privacy Report Key Findings
76% of the most visited websites in the US do not honour CPRA opt-out signals
74% of the most visited websites in Europe do not honour GDPR opt-in consent
The most visited websites share personal data with an average of 17 advertising 3rd parties in the US and 6 in Europe
“With modern privacy laws now in place, websites have added cookie banners in an attempt to comply, but the banners are usually misconfigured,” said Privado CEO Vaibhav Antil.
“Especially as marketing technology constantly changes on websites, privacy teams need continuous consent testing on websites to ensure compliance.”
Most websites do not honour consent as required by privacy regulations in the US and Europe
To comply with the CPRA amendment to CCPA (California Consumer Privacy Act), websites in the US must block personal data sharing with advertising third parties if the user opts out of data sharing.
To comply with GDPR, websites in Europe must block personal data collection and sharing with third parties unless the user provides opt-in consent. Despite increasing privacy fines in the US and Europe, most websites are not honouring the consent requirements in the US or Europe.
Non-compliant websites in the US average 3X more compliance risks than those in Europe
Privacy teams typically lack the visibility and controls to track what third parties are integrated with on their websites and whether they are honouring consent requirements.
With teams using so many third parties to optimize marketing and website performance, privacy teams need comprehensive solutions to continuously monitor consent and data flows.
Top websites in the US and Europe typically share data with over 20 3rd parties
[Chart: Median 3rd parties integrated with top websites]
Consent management platforms alone do not ensure consent compliance
Consent management platforms (CMPs) are effective at managing the complexity of implementing consent banners and data flows across websites, but CMPs can’t sufficiently monitor and validate consent compliance. Privacy teams need continuous website monitoring solutions to mitigate privacy risks at scale. The solutions should provide a real-time view of third parties integrated with their websites, each data element being sent to which third parties, and consent banner functionality.
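The two consent regimes set out above (GDPR opt-in, CPRA opt-out) and the continuous monitoring this paragraph calls for can be modelled as a check run over a captured page load. The Python below is an added example, not Privado’s product or code: it takes a constructed request log recording the consent state in which each request fired, classifies each host as first-party, advertising third party or other third party, and flags advertising requests that the consent state does not permit. Under GDPR anything sent to an advertising third party before opt-in is flagged; under CPRA anything sent after the user opts out, or while the browser sends the Global Privacy Control signal, is flagged. The advertising-domain list and the two-label domain collapse are assumptions standing in for a maintained tracker list and the Public Suffix List.

```python
"""Consent-compliance audit over a captured page-load request log.

Added example modelling GDPR opt-in and CPRA opt-out consent rules;
reports third-party advertising requests that fire without permission.
"""
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: a small stand-in for a maintained tracker/advertising domain list.
AD_THIRD_PARTIES = {"doubleclick.net", "facebook.net", "adnxs.com", "criteo.com"}

# Consent states a crawler records when replaying a page load (constructed labels).
PRE_CONSENT, OPT_IN, OPT_OUT = "pre-consent", "opt-in", "opt-out"


@dataclass(frozen=True)
class Request:
    url: str
    consent: str        # one of PRE_CONSENT / OPT_IN / OPT_OUT
    gpc: bool = False   # browser sent Sec-GPC: 1 (Global Privacy Control)


def registrable_domain(host: str) -> str:
    """Collapse a hostname to its last two labels.

    Assumption: adequate for the sample data. A production tool uses the
    Public Suffix List so that e.g. 'bbc.co.uk' is not collapsed to 'co.uk'.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(url: str, first_party: str) -> str:
    """Return 'first-party', 'ad-third-party' or 'other-third-party'."""
    domain = registrable_domain(urlparse(url).hostname or "")
    if domain == registrable_domain(first_party):
        return "first-party"
    return "ad-third-party" if domain in AD_THIRD_PARTIES else "other-third-party"


def permitted(regime: str, req: Request) -> bool:
    """Is an advertising third-party request allowed under the regime?"""
    if regime == "GDPR":
        # Opt-in: nothing may go to ad third parties until the user accepts.
        return req.consent == OPT_IN
    if regime == "CPRA":
        # Opt-out: allowed unless the user opted out or the browser signals GPC.
        return req.consent != OPT_OUT and not req.gpc
    raise ValueError(f"unknown regime {regime!r}")


def audit(regime: str, first_party: str, requests: list[Request]) -> dict:
    """Collect the ad third parties contacted and every request the regime forbids."""
    violations = []
    ad_domains = set()
    for req in requests:
        if classify(req.url, first_party) != "ad-third-party":
            continue
        domain = registrable_domain(urlparse(req.url).hostname or "")
        ad_domains.add(domain)
        if not permitted(regime, req):
            violations.append((req.consent, "gpc" if req.gpc else "", domain))
    return {
        "regime": regime,
        "ad_third_parties": sorted(ad_domains),
        "violations": violations,
        "compliant": not violations,
    }


# Constructed capture: one page replayed under different consent states.
SAMPLE = [
    Request("https://www.example-news.com/", PRE_CONSENT),
    Request("https://static.example-news.com/app.js", PRE_CONSENT),
    Request("https://stats.g.doubleclick.net/collect?v=1", PRE_CONSENT),  # fires before any choice
    Request("https://connect.facebook.net/en_US/fbevents.js", OPT_IN),
    Request("https://ib.adnxs.com/ut/v3", OPT_OUT),                        # ignores the rejection
    Request("https://cdn.jsdelivr.net/npm/lib.js", OPT_OUT),               # non-advertising third party
    Request("https://stats.g.doubleclick.net/collect?v=1", PRE_CONSENT, gpc=True),
]

if __name__ == "__main__":
    for regime in ("GDPR", "CPRA"):
        print(audit(regime, "www.example-news.com", SAMPLE))
```

On the constructed sample the same capture yields three violations under GDPR (the pre-consent beacons and the post-rejection request) but only two under CPRA, where pre-consent sharing is lawful until the user opts out or sends GPC. Run this way against a real crawl, the check produces exactly the three things the paragraph asks for: the third parties integrated, which requests reached them, and whether the banner’s choice was actually enforced.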
Privacy code scanning and consent management platforms together can ensure privacy compliance
Privacy code scanning should be used in conjunction with a consent management platform to implement best-in-class digital tracking governance for websites and mobile apps.
Consent management platforms are critical for collecting, acting on, and recording consent, but they lack the full visibility and governance to ensure personal data doesn’t improperly leak to advertising third parties.
Privacy code scanning enables the complete and continuous visibility and governance needed to ensure compliance with today’s complex web of privacy regulations.
Sophos, a global leader in innovative security solutions for defeating cyberattacks, has released “Pacific Rim,” a report detailing its defensive and counter-offensive operation over the last five years against multiple interlinked nation-state adversaries based in China targeting perimeter devices, including Sophos Firewalls.
The attackers used a series of campaigns with novel exploits and customized malware to embed tools to conduct surveillance, sabotage and cyberespionage as well as overlapping tactics, tools and procedures (TTPs) with well-known Chinese nation-state groups including Volt Typhoon, APT31 and APT41.
The adversaries targeted both small and large critical infrastructure and government targets, primarily located in South and South-East Asia, including nuclear energy suppliers, a national capital’s airport, a military hospital, state security apparatus, and central government ministries.
Throughout Pacific Rim, Sophos X-Ops, the company’s cybersecurity and threat intelligence unit, worked to neutralize the adversaries’ moves and continuously evolved defenses and counter-offensives.
After Sophos successfully responded to the initial attacks, the adversaries escalated their efforts and brought in more experienced operators. Sophos subsequently uncovered a vast adversarial ecosystem.
While Sophos has released details on the associated campaigns since 2020, including Cloud Snooper and Asnarök, the company is now sharing the overall investigation analysis to raise awareness of the persistence of Chinese nation-state adversaries and their hyperfocus on compromising perimeter, unpatched and end-of-life (EOL) devices, often via zero-day exploits they develop for those devices. Sophos is also encouraging all organizations to urgently apply patches for vulnerabilities discovered in any of their internet-facing devices and to migrate any older unsupported devices to current models.
Sophos regularly updates all of its supported products based on new threats and indicators of compromise (IoCs) to protect customers. Sophos Firewall customers are protected via rapid hotfixes that are now turned on by default.
“The reality is that edge devices have become highly attractive targets for Chinese nation-state groups like Volt Typhoon and others as they look to build operational relay boxes (ORBs) to obfuscate and support their activity. This includes directly targeting an organization for espionage, or indirectly leveraging any weak points for onward attacks – essentially becoming collateral damage. Even organizations that are not targets are getting hit. Network devices designed for businesses are natural targets for these purposes – they are powerful, always on, and have constant connectivity,” said Ross McKerchar, CISO at Sophos. “When a group seeking to build a global network of ORBs targeted some of our devices, we responded by applying the same detection and response techniques we use to defend our corporate endpoints and network devices. This allowed us to burn multiple operations and tap into a valuable stream of threat intelligence that we applied to protect our customers from both future widespread attacks and highly targeted operations.”
Highlights of the Report
On Dec. 4, 2018, a low-privileged computer connected to an overhead display began to scan the Sophos network—seemingly on its own—at the India headquarters of Cyberoam, a company Sophos acquired in 2014. Sophos found a payload quietly listening for specialized inbound internet traffic on the computer that contained a novel type of backdoor and a complex rootkit — “Cloud Snooper.”
In April 2020, after several organizations reported a user interface pointing to a domain with “Sophos” in its name, Sophos worked with European law enforcement, which tracked down and confiscated the server the adversaries used to deploy malicious payloads in what Sophos later dubbed Asnarök. Sophos neutralized Asnarök, which the company was able to attribute to China, by taking over the malware’s command and control (C2) channel. This also allowed Sophos to neutralize a planned wave of botnet attacks.
After Asnarök, Sophos advanced its intelligence operations by creating an additional threat actor tracking program focused on identifying and disrupting adversaries looking to exploit Sophos devices deployed in customer environments; the program was built using a combination of open-source intelligence, web analytics, telemetry monitoring, and targeted kernel implants deployed to the attackers’ research devices.
Next, the attackers showed an increasing level of persistence, upleveling their tactics and deploying increasingly stealthy malware. However, using its threat actor tracking program and enhanced telemetry gathering capabilities, Sophos was able to pre-empt several attacks and obtain a copy of a UEFI bootkit and custom exploits before they could be deployed broadly.
A few months later, Sophos tracked some of the attacks to an adversary who has demonstrated links to China and Sichuan Silence Information Technology’s Double Helix Research Institute in the country’s Chengdu region.
In March 2022, an anonymous security researcher reported a zero-day remote code execution vulnerability, designated CVE-2022-1040, to Sophos as part of the company’s bug bounty program. Further investigation revealed that this CVE was already being exploited in the wild in multiple operations—operations that Sophos was then able to stop impacting customers. After deeper analysis, Sophos determined the person reporting the exploit may have had a connection to the adversaries. This was the second time Sophos received a suspiciously timed “tip” about an exploit before it was used maliciously.
“Recent advisories from CISA have made it clear that Chinese nation-state groups have become a perennial threat to nations’ critical infrastructure,” McKerchar continued. “What we tend to forget is that small- and medium-sized businesses—those that form the bulk of the supply chain for critical infrastructure—are targets since they are often the weak links in this supply chain. Unfortunately, these businesses often have fewer resources to defend against such sophisticated threats. Further complicating matters is the tendency for these adversaries to gain a foothold and dig in, making it hard to evict them. The modus operandi of China-based adversaries is creating long-term persistence and complex obfuscated attacks. They won’t stop until they’re disrupted.”
Industry Quotes About Sophos’ Pacific Rim Report
“Through the JCDC, CISA obtains and shares crucial intelligence on the cybersecurity challenges we face, including the advanced tactics and techniques used by People’s Republic of China (PRC) state-sponsored cyber actors. The expertise of partners like Sophos and reports like its Pacific Rim report, provides the global cyber community more insights into the PRC’s evolving behaviors. By working side-by-side, we are helping cyber defenders understand the scale and widespread exploitation of edge network devices and implement mitigation strategies,” said Jeff Greene, executive assistant director for cybersecurity at CISA. “CISA continues to highlight how classes of vulnerabilities, including SQL injections and memory safety vulnerabilities, continue to be exploited en masse. We urge software manufacturers to review our Secure by Design resources and, as Sophos has done in this case, put its principles into practice. We encourage others to take the pledge and to review our alerts on how to eliminate common classes of defects.”
“Many cybersecurity vendors conduct adversarial research operations, but few are able to successfully do so against such a challenging set of nation-state adversaries for such a long period of time,” said Eric Parizo, managing principal analyst with the cybersecurity research group at Omdia. “Sophos made the most of a highly unique opportunity, and it should be lauded for delivering research and tactical takeaways that will help better defend its customers now and well into the future.”
“At NCSC-NL, one of our tasks is to share information and connect organisations. Facilitating communication and cooperation between national and international organisations is of great importance to improve cyber resilience. We are happy to have been able to make a contribution to this investigation with Sophos,” said Hielke Bontius, head of operations, NCSC-NL.
Advice for Defenders
Organizations should expect all internet-facing devices are prime targets for nation-state adversaries, especially those devices in critical infrastructure. Sophos encourages organizations to take the following actions to strengthen their security posture.
Minimize internet-facing services and devices when possible
Prioritize patching with urgency for internet-facing devices and monitor these devices
Allow hotfixes for edge devices to be applied automatically
Collaborate with law enforcement, public-private partners, and government to share and act on relevant IoCs
Create a plan for how your organization deals with EOL devices
“We need to work collaboratively across the public and private sector, law enforcement and governments, and the security industry, to share what we know about these adversarial operations. Targeting the very same edge devices that are deployed to protect networks is a bold and clever tactic. Organizations, channel partners and Managed Service Providers need to understand that these devices are top targets for attackers and should ensure they are appropriately hardened, and critical patches are applied as soon as they are released. In fact, we know that attackers are actively hunting for EOL devices. Vendors play a big part here, too. They need to help customers by supporting reliable and well-tested hot fixing, making it easy to upgrade from EOL platforms, systematically refactoring or removing legacy code that can harbor lingering vulnerabilities, continuously improving secure by default designs to offload the customer burden of hardening, and monitoring the integrity of our deployed devices,” concluded McKerchar.
Cybersecurity researchers from Bitdefender Labs have uncovered a new malware campaign targeting Facebook users, with cybercriminals using Meta’s ads platform to spread a harmful program known as SYS01 infostealer.
This campaign leverages advertisements from seemingly reputable brands, including Netflix, Office 365, and CapCut, to deceive users into downloading malware disguised as legitimate software.
The primary target of this campaign appears to be older male users, with the goal of seizing control of their Facebook accounts and harvesting personal data.
According to Bitdefender, cybercriminals create convincing ads that mimic authentic services or popular applications, such as free, ad-free Netflix streaming and productivity tools, enticing users to click.
Once a user interacts with these ads, they are redirected to MediaFire, a cloud storage platform where a malicious ZIP file awaits. The malware, embedded within this ZIP, uses Electron applications that visually replicate the advertised software but operate covertly to capture the user’s information.
One of the distinguishing features of the SYS01 malware is its adaptability. It is programmed to bypass many security detection systems, employing advanced techniques such as sandbox evasion and constant code updates from command and control servers.
Bitdefender highlights that cybercriminals swiftly alter the malware’s code whenever cybersecurity companies detect and block a particular version, which allows the campaign to continue undetected on Meta’s platforms.
This malware’s design compromises individual Facebook accounts and also exploits business accounts. Hijacked accounts are repurposed by attackers to distribute further malicious ads, thereby expanding the campaign’s reach.
This strategic use of compromised accounts has enabled the campaign to extend globally, impacting users across continents, including Europe, North America, and Asia.
Bitdefender has tracked this campaign since September 2024; the SYS01 infostealer itself was documented earlier, and the campaign has reportedly reached millions of users. Bitdefender emphasises that the malware remains active and continuously evolves, with new ads appearing daily.
The firm advises users to exercise caution when encountering online advertisements that promise free or premium services, even from recognisable brands.
Facebook users are advised to avoid clicking on suspicious ads and to be wary of software downloads from unofficial sources.