Cyber attacks – Tech | Business | Economy (https://techeconomy.ng)

Cybervergent Reveals 37% Surge in Africa’s Cyber Threats, Over 586,000 Detected in H1 2024
https://techeconomy.ng/cybervergent-reveals-37-surge-in-africas-cyber-threats-over-586000-detected-in-h1-2024/
Mon, 16 Sep 2024 07:29:05 +0000

In the first half of 2024, the Cybervergent Security Operations Center (SOC) identified 586,130 cyber threats, an increase in cyber-attacks across various sectors.

During an exclusive media roundtable hosted by the cybersecurity firm, which provided insights into the trends and developments impacting the cybersecurity sector in the first six months of the year 2024, Gbolabo Awelewa, chief solutions officer at Cybervergent, explained the importance of cybersecurity vigilance. 

“In the past, we did a lot of this work without making it public. As tech people, we worked with our customers and didn’t realize how much we could improve the ecosystem by sharing these insights,” Awelewa said, pointing to the need for greater transparency within the industry.

Cyber-attacks in Africa surged by 37%, with organizations facing an average of 2,960 attacks per week.

This surge, coupled with evolving threats, stressed the importance of SOCs in monitoring, detecting, and mitigating risks. 

The SOC was likened to a fitness trainer, providing personalized recommendations to strengthen organizational cybersecurity measures, ensuring that systems remain resilient even in the dynamic threat space.

The H1 report also disclosed that 19,920 endpoints were actively protected, while 226,103 security events were resolved through automated processes. However, the SOC also faced challenges, including the identification of 13,305 false positives, which the platform meticulously filtered out.

Cyber Weaknesses and Challenges 

The report shed light on weaknesses that continue to affect organizations, particularly in sectors like financial services and healthcare. 

One major issue identified was the use of outdated legacy systems. “Many organizations, especially in financial services, are using legacy systems that are out of support. These systems often have vulnerabilities that can be exploited,” Awelewa said. 

He noted that efforts to put compensating controls around such systems often lead to further complications, especially when resources are limited.

Other challenges included human error, insufficient training, and a lack of awareness of the latest security standards, which left many organizations vulnerable to breaches. 

Awelewa further explained that fraud cases are often a result of intentional human actions, disguised as errors. “The biggest leaks in organizations today are due to human error — both intentional and unintentional,” he added.

Malware Trends and Threat Landscape 

The report detailed several emerging malware threats that organizations faced, including SocGholish, which uses social engineering to trick users into downloading malicious files, and Scattered Spider (UNC3944), which bypasses multi-factor authentication and infiltrates through cloud identities. 

The report also revealed the growing threat of Rilide Stealer, which targets Chromium-based browsers to steal email credentials and crypto assets, and of Vidar Infostealer, which compromises everything from crypto wallets to web browsers.

One of the most concerning pieces of malware identified was Vidar Infoskiller, a particularly dangerous tool that targets Windows-based applications and crypto wallets. Awelewa described the malware as “capable of bypassing multiple security layers, leading to serious financial losses.”

He advised organizations to regularly update their software and educate employees on the latest phishing tactics to mitigate such risks.

Industry-Specific Challenges 

Cybervergent’s report also disclosed sector-specific cybersecurity challenges. For instance, the healthcare sector faces several difficulties in handling sensitive patient data within complex systems, while the education sector is constrained by limited budgets, preventing investments in advanced security measures. 

The manufacturing and retail sectors were noted for their struggle in balancing operational technology (OT) and IT security.

SOC as a Pillar of Resilience 

Cybervergent’s SOC played a very important role in defending against these evolving threats by continuously monitoring alerts, events, and threat indicators. 

A total of 116,580 detection analytics were applied, and SOC analysts meticulously examined 304,522 events, leading to the identification of 42,200 potentially malicious activities. This approach allowed the SOC to tailor cybersecurity measures to improve clients’ overall cyber health.

Awelewa likened the SOC’s role to that of a fitness coach, constantly guiding organizations to strengthen their security posture. “Our job is to spot threats early and help our customers respond quickly. It’s all about being proactive,” he reiterated, stressing the need for organizations to adopt assertive cybersecurity measures instead of reactive approaches.

Cybervergent — H2 Focus on Zero-Day Exploits and CaaS 

For the second half of 2024, Cybervergent looks to focus on combating zero-day exploits, strengthening cloud security, and addressing the rise of Cybercrime-as-a-Service (CaaS). 

Awelewa emphasized the need for organizations to fortify their defences, particularly against insider threats and sophisticated ransomware attacks.

He called on all organizations to prioritize cybersecurity, treating it not just as a compliance requirement but as an integral component of their operational strategy.

Remaining vigilant and investing in strong security tools will enable companies to build a more resilient defence even as the digital environment becomes more hostile.

“In cybersecurity, it’s not about if an attack will happen, but when. Preparedness is key,” Awelewa concluded.

Three Trends Set to Drive Cyber-attacks in 2024
https://techeconomy.ng/three-trends-set-to-drive-cyber-attacks-in-2024/
Tue, 19 Mar 2024 06:32:43 +0000

Scott Sayce writes on cyber-attacks trends
Writer: Scott Sayce, the Global Head of Cyber Insurance at Allianz Commercial
  • Ransomware attacks saw a sharp increase once again over the past year.
  • AI and the increase in mobile-connected devices provide further areas of vulnerability for cybercriminals to exploit.
  • Early detection can reduce the cost of breaches up to a thousandfold.

Following two years of high but stable loss activity, 2023 saw a worrying resurgence in ransomware and extortion losses, as the cyber threat landscape continues to evolve.

Hackers are increasingly targeting IT and physical supply chains, launching mass cyber-attacks, and finding new ways to extort money from businesses, large and small.

It’s little wonder that our customers and clients rank cyber risk as their top concern in the annual Allianz Risk Barometer survey.

Ransomware claims activity was up by more than 50% year-on-year in 2023. Meanwhile, so-called Ransomware-as-a-Service (RaaS) kits, where prices start from as little as US$40, have been a key driver in the rising frequency of attacks overall.

Gangs are also carrying out more attacks faster, with the average number of days taken to execute one falling from around 60 days in 2019 to four.

Most ransomware attacks now involve the theft of personal or sensitive commercial data, increasing the cost and complexity of incidents, as well as bringing greater potential for reputational damage.

As a global insurer, Allianz Commercial’s analysis of large cyber losses (€1mn+) in recent years shows that the number of cases in which data is exfiltrated is increasing – doubling from 40% in 2019 to almost 80% in 2022, with activity in 2023 tracking even higher.

Protecting an organization against intrusion therefore is a cat-and-mouse game, in which cyber criminals have the advantage.

Threat actors are now exploring ways to use artificial intelligence (AI) to automate and accelerate cyber-attacks, creating more effective malware and phishing. Combined with the explosion in connected mobile devices and 5G-enabled Internet of Things (IoT), the avenues for cyber-attacks look only likely to increase in the future.

At Allianz, our global team of risk engineers regularly monitors the cyber landscape, assisting companies with mitigating emerging risks. Threats currently on our radar include:

1. The power of AI (to accelerate cyber-attacks)

Threat actors are already using AI-powered language models like ChatGPT to write code. Generative AI can help less proficient threat actors create new strains and variations of existing ransomware, potentially increasing the number of attacks they can execute. We expect an increased utilization of AI by malicious actors in the future, necessitating even stronger cybersecurity measures.

Voice simulation software has already become a powerful addition to the cyber criminal’s arsenal. There was the case of the CEO of a British energy provider transferring around US$250,000 to a scammer after they received a call from what they thought was the head of the unit’s parent company, asking them to wire money to a supplier. The voice was generated using AI. Deepfake video technology designed and sold for phishing frauds can also now be found online, for prices as low as US$20 per minute.

It is not all bad news though. We might see more AI-enabled incidents in the future, but investment in detection backed by AI should also help to catch more incidents earlier.

2. Mobile devices expose personal and corporate data

Lax security and the mixing of personal and corporate data on mobile devices, including smartphones, tablets, and laptops, is an attractive combination for cybercriminals. Allianz Commercial has seen a growing number of incidents caused by poor cyber security around mobile devices.

During the pandemic, many organizations enabled new ways of accessing their corporate network via private devices, without the need for multi-factor authentication (MFA). This also resulted in several successful cyber-attacks and large insurance claims.

Criminals are now targeting mobile devices with specific malware to gain remote access, steal login credentials, or deploy ransomware. Personal devices tend to have less stringent security measures. Utilizing public wi-fi on such devices can increase their vulnerability, including exposure to phishing attacks via social media.

The rollout of 5G technology is also an area of potential concern if not managed appropriately, given it will power even more connected devices, including sophisticated applications – from driverless cars to smart cities.

However, many IoT devices do not have a good record when it comes to cyber security, are easily discoverable, and will not have MFA mechanisms, which, together with the addition of AI, presents a serious cyber threat. Even today we see devices with default passwords that are available on the internet.

3. Cyber security skills shortage affects the cost and frequency of incidents

A growing shortage of professionals will increasingly complicate cybersecurity efforts. The current global cyber security workforce gap stands at more than four million people, with demand growing twice as fast as supply. Gartner predicts that a lack of talent or human failure will be responsible for over half of significant cyber incidents by 2025.

In short, because technology is moving so fast, there are not enough experienced people to keep pace with the threats. It’s very hard to get good cyber security engineers, which means companies are more exposed to cyber events.

Without skilled personnel, it is more difficult to predict and prevent incidents, which could mean more losses in the future. The shortage of cyber security experts also impacts the cost of an incident.

Organizations with a high level of security skills shortage had a US$5.36mn average data breach cost, around 20% higher than the actual average cost, according to the IBM Cost of a Data Breach Report 2023.

Early detection is key to combating emerging cyber threats

Preventing a cyber-attack is becoming harder, and the stakes are higher. As a result, early detection and response capabilities and tools are becoming ever more important.

If you have an undetected loophole in your network, it is a potential Achilles heel. And if you do not have effective early detection tools it can lead to longer unplanned downtime, increased costs, and have a greater impact on customers, revenue, profitability, as well as your reputation.

The lion’s share of IT security budgets is currently spent on prevention with around 35% directed to detection and response.

However, if undetected, an intrusion can quickly escalate, and once data is encrypted and/or stolen, the costs snowball – as much as 1,000 times higher than if an incident is detected and contained early. That is the difference between a €20,000 loss and a €20mn one.

Looking forward, detection tools will be the next logical step for most companies to invest in. Ultimately, early detection and effective response capabilities will be key to mitigating the impact of cyber-attacks, as well as ensuring a sustainable cyber insurance market going forward.

8 Common Cyber Attacks You May Likely Experience
https://techeconomy.ng/8-common-cyber-attacks-you-may-likely-experience/
Thu, 11 Aug 2022 21:02:00 +0000

A cyber-attack is a deliberate online invasion of a computer information system. It aims to steal private information on your device, for undue gain. People who engage in this act are called cyber criminals.

According to research carried out by the cyber security firm Threat Cloud, over 4 million attacks occur on a daily basis around the world. In this article, we will highlight and discuss common cyber attacks you may experience.

Attack 1: Malware

Malware or malicious software is a set of programs designed by cyber criminals to destroy computer systems, gain unauthorized access, and steal data from a system.

Malware can be classified into viruses, spyware, adware, worms, and Trojans. Let’s have a quick look at the types of malware:

Virus: A virus is a type of malware that causes harm to your computer system by slowing it down, and corrupting files.

Spyware: This refers to software that steals your private information, and sends it to a third party without your knowledge. Just like a spy, it’s hard to detect and transfers sensitive data to end users who can use it to defraud you.

Adware: Adware, also referred to as advertisement-supported software, displays unnecessary ads while you are surfing the internet. Adware is usually obtained when you unknowingly install a free app on your system that contains adware.

The ads popup so frequently that you can mistakenly click on them, and since some of them are laced with malicious links, you can mistakenly download a virus, without even knowing.

Worms: Once a worm finds its way into your device, it replicates itself with the aim of corrupting other computer systems. It is different from a virus as it doesn’t have to be attached to any software to cause damage.

Trojan: A Trojan is a malicious software program that seems legitimate, but when installed, causes damage and data loss to the computer system. The National Information Technology Development Agency (NITDA) has discovered two recent malware strains in Nigeria: ‘Flubot Spyware’ and ‘Saint Bot Malware’.

Flubot Spyware targets Android devices and sends fake security updates or app installations in the form of SMS. Unsuspecting Android users who install the spyware have their bank login details stolen which leads to financial loss.

Also, Flubot gains access to the contacts of such phones and sends similar SMS to them.

Saint Bot Malware arrives by email with a .zip file that masquerades as a Bitcoin wallet but is in reality a PowerShell script. Once the file is opened, malware is downloaded into the system. As a precaution, NITDA advises that you always download software from the official website of the company offering it.

Attack 2: Phishing Attack

Phishing is a cyber-attack whereby scammers pose as a credible organization to collect personal information from you.

This cyber attack could be in the form of a text, email, or phone call. Phishers compose enticing messages that convince you to disclose your personal information. A phishing attack must be well thought out to ensure its success.

Planning a phishing attack usually involves the cybercriminal conducting social engineering on you, to profile you and find out what you are interested in. The phishing process is as follows:

  • Preparing the hook: preparing a fake website, for example a fake Facebook login page
  • Baiting: sending the fake login page to you via a link in an email, and urging you to act urgently
  • Redirecting: once you take the bait and try to log in, your credentials are harvested by the cybercriminal and you are redirected to the original Facebook page, so you don’t suspect anything

Attack 3: Malvertising

Malvertising, also known as malware advertising, uses online advertising to spread malware to users of a website. The attackers create malicious ads with JavaScript embedded which makes it difficult to differentiate them from legitimate ads.

Such ads are displayed on your system like the real ones. They are usually composed in an enticing way to make you click on them. Investment scams are notorious for malvertising as cybercriminals pose as fund managers, stockbrokers and some even claim to be online forex brokers to lure you in with promises of trading on a mobile app with zero risk and huge returns.

Common scam ads relate to forex trading apps that are promoted in Nigeria without regulation.

There are only a few Tier-1 regulated brokers that offer their forex trading apps in Nigeria on mobile via iOS and Android. Many unregulated and offshore forex brokers, however, promote their apps mostly via JavaScript ads on popular illegal websites visited by Nigerians, and these are unsafe for users.

While advertising is not bad, you should not take investment advice from random unsolicited popups.

Endeavour to visit the Securities and Exchange Commission (SEC) website to verify any investment you come across online before committing your funds.

Attack 4: DDoS Attacks

A Distributed Denial of Service (DDoS) attack is an attempt to slow down a server or network by bombarding it with traffic. Simply put, DDoS prevents a server from attending to its users by overloading it with excessive data. When a server is too congested, it results in denial-of-service to the real users.

DDoS attacks are carried out with computers and devices that have been infected with malware. The hacker sends an instruction to these compromised systems and devices, also known as a botnet.

The botnet attacks a targeted IP address when instructed and causes the server to lag. The targeted network would be unable to serve its legitimate users. It is always difficult to separate the attack traffic from the legitimate traffic since the botnet is made up of real internet devices.

Attack 5: Man in the Middle (MITM) Attacks

A man-in-the-middle (MITM) attack is a cyber attack in which an attacker interrupts an existing conversation or data transfer. The attacker either eavesdrops or pretends to be a legitimate party, and steals private information from the victim.

A MITM attack undergoes two phases: interception and decryption. An attacker creates a Wi-Fi hotspot without a password and waits for victims to join the network.

Anyone who joins such a network grants the attacker access to any data they share online. This is known as an interception. This interception can be done via DNS, IP, and ARP spoofing.

Once the attacker gets in the ‘middle’ of the victim and his destination site, he steals the victim’s data. The victim’s data is usually encrypted, so he has to decode the data in order to use it (decryption). This decryption is done via HTTPS spoofing, SSL hijacking, and SSL spoofing.

MITM attacks are done very quickly without the knowledge of the victim. The attackers use the data collected to defraud the victim, for example, wipe his bank account balance.

Attack 6: Drive by Download

Cybercriminals make use of this method to introduce further malware to their victim’s system. You may be unaware of the malicious download since you don’t have to download any program.

A drive-by download is unique because you don’t have to download any program or open any attachment for it to be activated. So how does drive-by download work?

The drive-by download takes advantage of unsecured and outdated apps, web browsers, and operating systems. You can be attacked by drive-by download in two ways:

  • Authorization without complete information about an action: This happens when you either click a fake link or download a Trojan. You are ignorant about the consequences of such action thus, introducing drive-by download into your computer.
  • No authorization and notification: Drive-by download creeps into your computer or mobile device without notification due to an outdated web browser or browsing on an infected website.

Attack 7: Password Attacks

A password attack is an attempt by cybercriminals to steal your password. According to research by Cloud Nine, 80% of breaches are connected with password issues.

Cybercriminals devise several techniques to steal legitimate passwords which include phishing, key logging, and dictionary password attacks among others.

Firstly, key logging is a process in which a hacker records keystrokes made on your keyboard after he installs a key logger on your device. A key logger is malicious software that, when installed, captures your keystrokes and sends them to the hacker. A key logger can also be a hardware device connected to your USB port, so a routine inspection of your computer is in order.

Secondly, dictionary password attacks are carried out by guessing words and phrases that a user would likely use as passwords. Hackers have software that uses every word in the dictionary, combined with phrases and numbers, to predict your password.

Attack 8: Rogue Security Software

Rogue security software is malware that deceives its victims into thinking that they have a virus on their computer and offers a solution in the form of antivirus.

Unsuspecting victims pay and download the antivirus software. The ‘antivirus’ introduces malware into the system.

Protect your PC/Mobile Device

  • Don’t open any attachments you are unsure of.
  • Your password should include letters, numbers, and special characters in upper and lower case.
  • Ensure that you update your apps and web browsers regularly.
  • Use an ad blocker.
  • Check email addresses to make sure they are from the right sources.
  • Use internet security software on your devices.
  • Add a password to your Wi-Fi hotspot.