Cyber threat actors have recently exposed data purportedly from both private and public institutions in Nigeria, underscoring the growing need for stronger cybersecurity frameworks, proactive threat monitoring, and coordinated incident response measures.

But Digital Encode’s advisory highlights a troubling pattern: most recent cyber incidents are not driven by sophisticated zero-day exploits, but by preventable weaknesses in basic security configurations, credential management, and operational controls.

According to the advisory signed by Professor Obadare Adewale Peter, Chief Visionary Officer of Digital Encode Limited, attackers are increasingly exploiting misconfigured systems and publicly exposed assets, such as unsecured databases, open cloud storage buckets, leaked API keys, and critical servers exposed to the internet, many of which are easily discoverable through open repositories, cloud indexing tools, and even dark web marketplaces.

The advisory outlines critical areas of concern, including publicly accessible cloud storage exposing sensitive customer and operational data; hardcoded secrets in web and mobile applications, including API keys and tokens; leaked credentials in repositories and deployment artifacts; weak internal access controls and over-reliance on single authentication layers; exposure of administrative endpoints, API documentation, and development environments in production; uncontrolled use of Third-Party Hosting platforms such as Vercel, Netlify, and Render; poor token lifecycle management and weak authentication, inadequate vendor risk management and monitoring controls

Digital Encode noted that these vulnerabilities are widespread across organizations, particularly in financial institutions, payment service providers, Fintech companies and public sector platforms, where similar exposure patterns continue to recur.

Not a Technology Problem, But an Execution Gap

“Organizations affected in recent breaches were not compromised due to highly advanced attacks, but due to lapses in enforcing existing security controls, like, ensuring that no cloud resources linked to organizations whether AWS S3, Azure Blob, Google Cloud Storage, or Firebase allow anonymous access, Verify that no cloud credentials or API tokens are exposed in public or private repositories, container registries or deployed applications, and all external and internal APIs must enforce authentication and authorization controls at all times” Prof. Obadare stated.

The advisory stresses that most of these risks can be mitigated with readily available tools and best practices, underscoring a critical gap between security policy and implementation.

Urgent Actions Recommended

Digital Encode has called on organizations to act immediately by conducting a comprehensive audit of all internet-facing assets, including third-party systems; revoking and rotating all exposed or potentially compromised credentials including passwords, API keys, and access tokens; reviewing historical logs to assess the extent of any prior exploitation; engaging vendors to address third-party security exposures; fixing identified misconfigurations and validating remediation efforts; strengthening monitoring, logging, and threat detection systems; and documenting remediation steps and residual risks for governance and compliance.

The firm also emphasized the need for improved visibility into shadow IT and unauthorized deployments tied to employees’ accounts, which increasingly serve as entry points for attackers.

Call for Proactive Security Posture

Digital Encode reiterated its commitment to supporting organizations through enterprise-wide security assessments and independent validation of implemented controls.

“We strongly advise that this advisory be actioned without delay,” Prof Obadare warned, adding that proactive security hygiene, not reactive response, will determine resilience in Nigeria’s evolving threat landscape.

Digital Encode Limited is a trusted cybersecurity advisory firm specializing in information security, digital trust, and GRC services. The company supports organizations across sectors in strengthening their security posture and achieving regulatory compliance.

The disclosure was made in a statement on Thursday by Chidinma Oboli, Integrated Management System Lead at Nomba, who said the attacks are deceptive and dangerous, relying on visual manipulation to trick users into revealing sensitive information.

“In Nigeria’s rapidly growing digital economy—where mobile-first platforms are redefining banking, commerce, and social interaction—user trust has become one of the most valuable assets a digital company can build,” Oboli said. “But just as digital products scale fast, so do the threats that seek to undermine them.”

He explained that homograph attacks involve registering fake websites using characters from foreign scripts that closely resemble Latin letters. These websites, though fraudulent, appear almost identical to legitimate ones, fooling users into sharing login credentials, payment information, and personal data.

“A domain like www.fαcebook.com can easily be mistaken for www.facebook.com. To the human eye, they’re the same, but behind the scenes, the user is being redirected to a malicious site,” the executive said.

Oboli noted that the implications are especially severe in a digital-first market like Nigeria, where fintech platforms, e-commerce services, and social media apps play a critical role in daily life. 

He said that while the attacks are technical in execution, the damage they cause is deeply human—eroding confidence and trust in platforms that handle financial and personal information.

The expert urged digital companies to view security as part of the overall user experience, not just a backend function, stressing that protecting users from threats like homograph attacks should be integrated into product design and communication.

Oboli also called on users to stay vigilant online, advising them to double-check website URLs, avoid clicking unfamiliar links, and use strong, unique passwords. 

He warned that messages demanding urgent action, such as account suspension threats, are often signs of phishing attempts.

“These attacks don’t just compromise data—they compromise trust,” he said. “And in today’s digital environment, trust is everything. A secure product is not just defined by its code, but by how it protects the human moments that connect users to a brand.”

His warning comes amid growing concerns about cybersecurity in Nigeria’s fast-expanding digital services sector, where fraudsters are increasingly using sophisticated tactics to exploit unsuspecting users.

The outage was linked to a large-scale cyberattack, according to X’s owner, Elon Musk.

Elon Musk claimed the attack was more sophisticated than usual, noting that a well-coordinated group or even a nation-state could be behind it. “We get attacked every day, but this was done with a lot of resources. Either a large, coordinated group and/or a country is involved,” he posted on X. 

However, he did not elaborate on what he meant by “a lot of resources,” leaving room for speculation.

The incident was first reported around 9:45 UTC, with outage tracking site Downdetector recording a peak of over 39,000 affected users in the United States by 10 a.m. ET. Although reports of disruptions declined throughout the day, around 1,500 users were still experiencing issues by 5 p.m.

A source within the internet infrastructure sector confirmed that X was hit by multiple waves of a denial-of-service (DoS) attack. 

These attacks flood websites with excessive traffic, making them temporarily inaccessible. While effective in causing disruptions, DoS attacks are not necessarily complex and can be launched by individuals or small groups.

Musk later claimed in an interview with Fox Business Network’s Larry Kudlow that the attack originated from IP addresses linked to Ukraine. 

However, this account was challenged by an expert, who stated that most of the rogue traffic targeting X came from multiple locations, including the United States, Vietnam, and Brazil. “The amount of rogue traffic coming directly from Ukraine was insignificant,” the expert noted.

Tracing the origins of such cyberattacks is notoriously difficult, as attackers often mask their locations using various methods. IP addresses alone do not always reveal the true source, making attribution uncertain.

Musk’s comments on Ukraine result from his current objection to U.S. support for the country’s defence against Russia. He recently stated that Ukraine’s frontline “would collapse” without his Starlink satellite service but assured that he had no intention of cutting off access.

Despite the impact of the outage, X has not issued any official statement explaining the cause of the disruption. While service has gradually improved, some users continue to report occasional technical issues.

Initially, Casio only mentioned a “system disruption,” but it later confirmed that the incident was a ransomware attack, exposing personal data of employees, contractors, business partners, and some customers.

The company reported that the attackers had accessed a range of information, including human resources files, technical data, and confidential company documents such as contracts and invoices. 

Notably, personal information of individuals who had applied for jobs at Casio was also compromised. Although the company clarified that no credit card details were involved, the precise scope of the breach remains under investigation.

While Casio has not named the attackers, a ransomware group known as Underground has claimed responsibility. This group, which has been active since mid-2023, allegedly stole over 200 gigabytes of data and has started leaking some of the stolen information. Underground has ties to the Russia-based cybercrime group RomCom, known for its ransomware activities and alleged intelligence-related operations.

Casio is still working on recovering from the attack, with some of its systems still offline. The company has engaged external cybersecurity specialists to assist in restoring operations and is working closely with law enforcement agencies to manage the aftermath. 

Casio urged individuals affected by the breach to remain vigilant, warning them of possible phishing and spam attacks using the compromised data.

The company emphasised the importance of refraining from spreading leaked information, as doing so could further harm those affected. While the full extent of the attack is still being evaluated, Casio is focused on safeguarding the privacy of its stakeholders and minimising further damage.

The breach, which occurred between September 20 and 22, 2024, caused a week-long outage that disrupted the company’s website and app services. The breach was discovered on September 27, 2024.

The stolen data includes customers’ names, phone numbers, email addresses, dates of birth, and in some cases, Social Security numbers and government identification documents.

Added to this, postal addresses, bank account numbers, and MoneyGram Plus Rewards numbers were compromised. Transaction details, including dates and amounts, were also affected.

MoneyGram, which operates in over 200 countries and serves more than 50 million people annually, is still in the early stages of its investigation.

The company is working to identify the full scope of affected customers but has not disclosed the exact number impacted. A spokesperson for MoneyGram, Sydney Schoolfield, declined to provide further details beyond the company’s official statement.

In response to the breach, MoneyGram took steps to contain and remediate the issue, including taking certain systems offline, which temporarily impacted their services. They have launched an investigation with the help of external cybersecurity experts and are coordinating with law enforcement.

MoneyGram has already notified U.K. data protection regulators as required by law, noting the possible international implications of the breach. The company has advised affected customers to remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring their credit reports.

The company has not yet revealed how the breach occurred but is continuing its investigation into the nature of the cyberattack.

The company, a key chips supplier to various industries, including the defence sector, revealed that it detected suspicious activity within its IT systems on 17 August 2024.

After further investigation, it was determined on 19 August that unauthorised access had compromised several servers and impacted certain business operations.

As part of its response, Microchip Technology promptly isolated the affected systems, shut down others to prevent further breaches, and engaged external cybersecurity experts to conduct a thorough investigation. 

This breach has resulted in the company operating below its normal capacity, which has affected its ability to meet customer orders. The Chandler, Arizona-based firm is working diligently to restore its IT systems and return to full operational capacity, though the complete extent of the damage remains under investigation.

Microchip Technology is an important player in the semiconductor industry, providing smart, connected, and secure embedded control solutions to several sectors, including industrial, automotive, aerospace, and communications. 

With a customer base of around 125,000, the company’s products are essential to various applications, from consumer electronics to defence systems. The recent cyberattack questions probable disruptions in the global semiconductor supply chain, especially given the company’s indispensable role in this sector.

The timing of this cyberattack is particularly concerning as it follows a similar incident two months ago involving GlobalWafers Co., a Taiwanese chip-parts manufacturer. 

These events reveal the growing threat to the semiconductor industry, which is already under pressure due to global supply chain challenges deepened by the pandemic. Nations worldwide are recognising the importance of the chip industry, both for national security and economic stability.

Microchip Technology has assured stakeholders that it is taking all necessary measures to address the breach and mitigate its impact. 

However, the company has yet to determine whether the incident will have a material effect on its financial performance. 

Earlier this year, Microchip Technology received funding under the US Chips and Science Act to enhance semiconductor production, pointing to its important role in the industry.

Cyberattacks, data breaches and phishing attacks are on the rise and have become big concerns for businesses.

IT and security are the key enabling technologies for innovation, productivity and competitiveness in the 21st century. At the same time, cyber-attacks have grown increasingly prevalent and sophisticated.

Since 2004, the number of cyber-attacks and intrusions has increased by roughly 30% each year. In 2017 alone, there were over 1 billion data breaches reported. With such a large volume of data floating around, information security threats have real potential for worldwide impact.

Information technology, including the internet, is a rapidly growing field, in fact, new industries and companies are born almost every day due to the growth of this sector. While it saves time and allows companies to scale-up, the same benefit comes with its own set of risks. These risks are present in every aspect of life, but especially within the workings of modern companies. That’s why one must understand the dangers not to be taken for granted.

Although the amount of information on the web is increasing at a rapid rate, it still does not hold all the information in the world. Average people aren’t aware of this gap and therefore don’t know where to find what they’re looking for. Furthermore, sites can become obsolete and cease to exist, since they are just one element of the World Wide Web.

In the year 2022, information technology (IT) and security technology were two of our largest concerns. While none of these risks are at an end, we are seeing progress in many cases.

The current risks are: 

1. Cybercrime 
2. Data breaches 
3. Data theft 
4. Hackers 
5. Employees becoming victims of human error 
6. Employees using personal devices at work

The current information technology and security risks are the two most important threats. Domain name system (DNS) hijacking is a relatively new threat that has emerged during this period and can result in thousands of thefts where credit card numbers, bank account details, email addresses and much more are compromised each year.

Current and future risks are also associated with AI, the Internet of Things, blockchain technology and cloud services, cyber-attacks and ransomware.

Information Technology is becoming more and more important in people’s lives. It is used in many aspects of business and daily life, such as banking, buying products and services and even e-commerce.

NITDA Denies Govt’s Involvement in ‘National Startup Investment Fund Program’

Conclusion

The pressing and continuous security issues could endanger the country’s IT infrastructure and ICT infrastructures. Therefore, to ensure that our ICT system has a zero risk of cyber attack or privacy breach in 2022, we must continue applying patches and updates as well as putting procedures into place to keep out malicious hackers. Also, there needs to be an effective cyber defence strategy put in place by the government against all types of attacks from state-sponsored ones to those initiated by hacktivists and cyber criminals.

Cyberattacks are risks to your business. They can disrupt data availability and create vulnerability to privacy, reputation and revenue loss. You need to be aware of current cyber threat scenarios and make preparations to mitigate them such as having an Information Technology policy document in place that provides guidance on how to use technology efficiently.