MitM – Tech | Business | Economy (https://techeconomy.ng)

8 Common Cyber Attacks You May Likely Experience
https://techeconomy.ng/8-common-cyber-attacks-you-may-likely-experience/
Thu, 11 Aug 2022 21:02:00 +0000

A cyber-attack is a deliberate online invasion of a computer information system. It aims to steal private information on your device, for undue gain. People who engage in this act are called cyber criminals.

According to research carried out by the cyber security firm Threat Cloud, over 4 million attacks occur daily around the world. In this article, we highlight and discuss common cyber attacks you may experience.

Attack 1: Malware

Malware or malicious software is a set of programs designed by cyber criminals to destroy computer systems, gain unauthorized access, and steal data from a system.

Malware can be classified into viruses, spyware, adware, worms, and Trojans. Let’s have a quick look at the types of malware:

Virus: A virus is a type of malware that causes harm to your computer system by slowing it down, and corrupting files.

Spyware: This refers to software that steals your private information, and sends it to a third party without your knowledge. Just like a spy, it’s hard to detect and transfers sensitive data to end users who can use it to defraud you.

Adware: Adware, also referred to as advertisement-supported software, displays unnecessary ads while you are surfing the internet. Adware is usually obtained when you unknowingly install a free app on your system that contains adware.

The ads pop up so frequently that you can mistakenly click on them, and since some of them are laced with malicious links, you can download a virus without even knowing.

Worms: Once a worm finds its way into your device, it replicates itself with the aim of corrupting other computer systems. It differs from a virus in that it doesn’t have to be attached to any software to cause damage.

Trojan: A Trojan is a malicious software program that seems legitimate but, when installed, causes damage and data loss to the computer system.

The National Information Technology Development Agency (NITDA) has discovered two recent malware strains in Nigeria: ‘Flubot Spyware’ and ‘Saint Bot Malware’.

Flubot Spyware targets Android devices and sends fake security updates or app installations in the form of SMS. Unsuspecting Android users who install the spyware have their bank login details stolen which leads to financial loss.

Also, Flubot gains access to the contacts of such phones and sends similar SMS to them.

Saint Bot Malware arrives by email in a .zip file that masquerades as a Bitcoin wallet but is in reality a PowerShell script. Once the file is opened, malware is downloaded into the system. NITDA advises that, as a precaution, you should always download software from the official website of the company offering it.

Attack 2: Phishing Attack

Phishing is a cyber-attack whereby scammers pose as a credible organization to collect personal information from you.

This cyber attack could be in the form of a text, email, or phone call. Phishers compose enticing messages that convince you to disclose your personal information. A phishing attack must be well thought out to ensure its success.

[Image: Cryptocurrency (phishing) scam – time.com]

Planning a phishing attack usually involves the cybercriminal conducting social engineering on you, to profile you and find out what you are interested in. The phishing process is as follows:

  • Preparing the hook: preparing a fake website, for example a fake Facebook login page
  • Baiting: sending the fake login page to you via a link in an email, and urging you to act urgently
  • Redirecting: once you take the bait and try to log in, your credentials are harvested by the cybercriminal and you are redirected to the original Facebook page, so you don’t suspect anything

Attack 3: Malvertising

Malvertising, also known as malware advertising, uses online advertising to spread malware to users of a website. The attackers create malicious ads with JavaScript embedded which makes it difficult to differentiate them from legitimate ads.

Such ads are displayed on your system like the real ones. They are usually composed in an enticing way to make you click on them. Investment scams are notorious for malvertising as cybercriminals pose as fund managers, stockbrokers and some even claim to be online forex brokers to lure you in with promises of trading on a mobile app with zero risk and huge returns.

Common scam ads relate to forex trading apps that are promoted in Nigeria without regulation.

Only a few Tier-1 regulated brokers offer their forex trading apps in Nigeria on mobile via iOS & Android. Many unregulated & offshore forex brokers, however, promote their apps mostly via JavaScript ads on popular illegal websites visited by Nigerians, and these apps are unsafe for users.

While advertising is not bad, you should not take investment advice from random unsolicited popups.

Endeavour to visit the Securities and Exchange Commission (SEC) website to verify any investment you come across online before committing your funds.

Attack 4: DDoS Attacks

A Distributed Denial of Service (DDoS) attack is an attempt to slow down a server or network by bombarding it with traffic. Simply put, DDoS prevents a server from attending to its users by overloading it with excessive data. When a server is too congested, it results in denial-of-service to the real users.

DDoS attacks are carried out with computers and devices that have been infected with malware. The hacker sends an instruction to these compromised systems and devices, also known as a botnet.

The botnet attacks a targeted IP address when instructed and causes the server to lag. The targeted network is then unable to serve its legitimate users. It is always difficult to separate the attack traffic from the legitimate traffic, since the botnet is made up of real internet devices.

Attack 5: Man in the Middle (MITM) Attacks

A man in the middle (MITM) attack is a cyber attack in which an attacker interrupts an existing conversation or data transfer. The attacker either eavesdrops or pretends to be a legitimate party, and steals private information from the victim.

A MITM attack has two phases: interception and decryption. An attacker creates a Wi-Fi hotspot without a password and waits for victims to join the network.

Anyone who joins such a network grants the attacker access to any data they share online. This is known as interception. Interception can be done via DNS, IP, and ARP spoofing.

Once the attacker gets in the ‘middle’ of the victim and his destination site, he steals the victim’s data. The victim’s data is usually encrypted, so he has to decode the data in order to use it (decryption). This decryption is done via HTTPS spoofing, SSL hijacking, & SSL spoofing.

[Image: cyber attacks affect several systems]

MITM attacks are done very quickly without the knowledge of the victim. The attackers use the data collected to defraud the victim, for example, wipe his bank account balance.

Attack 6: Drive by Download

Cybercriminals make use of this method to introduce further malware to their victim’s system. You may be unaware of the malicious download since you don’t have to download any program.

A drive-by download is unique because you don’t have to download any program or open any attachment for it to be activated. So how does drive-by download work?

The drive-by download takes advantage of unsecured and outdated apps, web browsers, and operating systems. You can be attacked by drive-by download in two ways:

  • Authorization without complete information about an action: This happens when you either click a fake link or download a Trojan. You are unaware of the consequences of such an action, and so introduce a drive-by download into your computer.
  • No authorization and notification: A drive-by download creeps into your computer or mobile device without notification due to an outdated web browser or browsing on an infected website.

Attack 7: Password Attacks

A password attack is an attempt by cybercriminals to steal your password. According to research by Cloud Nine, 80% of breaches are connected with password issues.

Cybercriminals devise several techniques to steal legitimate passwords, which include phishing, key logging, and dictionary password attacks, among others.

Firstly, key logging is a process in which a hacker records keystrokes made on your keyboard after he installs a key logger on your device. A key logger is malicious software that, when installed, captures your keystrokes and sends them to the hacker. A key logger can also be a hardware device connected to your USB port, so a routine inspection of your computer is in order.

Secondly, dictionary password attacks are carried out by guessing words and phrases that a user would likely use as passwords. Hackers have software that uses every word in the dictionary, combined with phrases and numbers, to predict your password.
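The dictionary-guessing behaviour described above can be turned into a check applied when a password is chosen. This is an added example, not code from the original article: the wordlist, the substitution table and the 12-character minimum are assumptions constructed for illustration. It shows that a password can contain upper case, lower case, a digit and a symbol and still be built on a dictionary word.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary
# plus a list of known-breached passwords.
WORDLIST = {"password", "dragon", "lagos", "chelsea", "welcome", "monkey"}

# Common character substitutions that guessing tools undo (assumed set).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def meets_composition_rules(password: str) -> bool:
    """Upper case, lower case, digit and special character all present."""
    patterns = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return all(re.search(p, password) for p in patterns)

def dictionary_base(password: str, wordlist=WORDLIST):
    """Return the dictionary word the password is built on, or None."""
    lowered = password.lower()
    forms = (lowered, lowered.translate(LEET))  # as typed, and with substitutions undone
    for word in sorted(wordlist, key=len, reverse=True):
        if any(word in form for form in forms):
            return word
    return None

def assess(password: str) -> str:
    """Verdict for a candidate password at the moment it is chosen."""
    base = dictionary_base(password)
    if base:
        return f"reject: built on dictionary word '{base}'"
    # Assumed minimum length of 12; the article does not state one.
    if len(password) < 12 or not meets_composition_rules(password):
        return "reject: too short or missing a character class"
    return "accept"
```
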

Attack 8: Rogue Security Software

Rogue security software is malware that deceives its victims into thinking that they have a virus on their computer and offers a solution in the form of antivirus.

Unsuspecting victims pay and download the antivirus software. The ‘antivirus’ introduces malware into the system.

Protect your PC/Mobile Device

  • Don’t open any attachments you are unsure of.
  • Your password should include letters, numbers, and special characters in upper and lower case.
  • Ensure that you update your apps and web browsers regularly.
  • Use an ad blocker.
  • Check email addresses to make sure they are from the right sources.
  • Use internet security software on your devices.
  • Add a password to your Wi-Fi hotspot.
With MitM Attack Your Vehicle Can Be Stolen, NCC Alerts Nigerians
https://techeconomy.ng/with-mitm-attack-your-vehicle-can-be-stolen-ncc-alerts-nigerians/
Sun, 15 May 2022 16:38:51 +0000

The Nigerian Communications Commission (NCC) wishes to alert telecom consumers and members of the public to an ongoing cyber-vulnerability that allows a nearby hacker to unlock vehicles, start their engines wirelessly and make away with the cars.

Because car remotes are categorised as short-range devices that use radio frequency (RF) to lock and unlock cars, the Commission saw the need to alert the general public to this emergent danger, in which hackers take advantage to unlock and start a compromised car.

Dr. Ikechukwu Adinde, Director, Public Affairs at NCC cited the latest advisory released by the Computer Security Incident Response Team (CSIRT), the Cybersecurity Centre for the telecom sector established by the NCC, stating that the vulnerability is a Man-in-the-Middle (MitM) attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends them later to unlock the car at will.

With this latest type of cyber-attack, it is also possible to manipulate the captured commands and re-transmit them to achieve a different outcome altogether.

“Multiple researchers disclosed a vulnerability, which is said to be used by a nearby attacker to unlock some Honda and Acura car models and start their engines wirelessly. The attack consists of a threat actor capturing the radio frequency (RF) signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system,” the advisory stated emphatically.

However, the NCC-CSIRT, in the advisory, has offered some precautionary measures or solutions that can be adopted by car owners to prevent falling victim to the attack.

According to the cyber-alert unit of the Commission, “When affected, the only mitigation is to reset your key fob at the dealership. Besides, the affected car manufacturer may provide a security mechanism that generates fresh codes for each authentication request; this makes it difficult for an attacker to ‘replay’ the codes thereafter. Additionally, vulnerable car users should store their key fobs in signal-blocking ‘Faraday pouches’ when not in use.”

Importantly, car owners in the stated categories are advised to choose Passive Keyless Entry (PKE) as opposed to Remote Keyless Entry (RKE), which would make it harder for an attacker to read the signal because criminals would need to be in close proximity to carry out their nefarious acts.
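The "fresh codes for each authentication request" mitigation quoted above can be sketched as a receiver that accepts only an authenticated, strictly increasing counter. This is an added example, not code from the advisory or from any car manufacturer: the key, frame layout, window size and class names are assumptions constructed for illustration. It contrasts a fixed-code receiver, which accepts a re-sent frame, with a rolling-code receiver, which rejects both a replayed frame and a manipulated one.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # shared fob/car secret, constructed for this example
WINDOW = 16                    # assumed: how far ahead of the last counter the car accepts
TAG_LEN = 8

def fob_frame(counter: int, command: bytes, key: bytes = KEY) -> bytes:
    """Frame the fob transmits: 4-byte counter | command | truncated HMAC tag."""
    body = counter.to_bytes(4, "big") + command
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class FixedCodeReceiver:
    """Weak design: one static frame stays valid forever."""
    def __init__(self, key: bytes = KEY):
        self.valid = fob_frame(0, b"unlock", key)
    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.valid)

class RollingCodeReceiver:
    """Fresh code per request: authenticated, strictly increasing counter."""
    def __init__(self, key: bytes = KEY):
        self.key, self.last = key, 0
    def accept(self, frame: bytes) -> bool:
        if len(frame) <= 4 + TAG_LEN:
            return False
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False  # manipulated or forged frame
        counter = int.from_bytes(body[:4], "big")
        if not self.last < counter <= self.last + WINDOW:
            return False  # stale counter: a replayed frame
        self.last = counter
        return True

def demo() -> dict:
    fixed, rolling = FixedCodeReceiver(), RollingCodeReceiver()
    old_fixed, old_rolling = fob_frame(0, b"unlock"), fob_frame(1, b"unlock")
    altered = (2).to_bytes(4, "big") + b"start" + old_rolling[-TAG_LEN:]
    return {
        "fixed_first": fixed.accept(old_fixed),
        "fixed_replay": fixed.accept(old_fixed),
        "rolling_first": rolling.accept(old_rolling),
        "rolling_replay": rolling.accept(old_rolling),
        "rolling_altered": rolling.accept(altered),
        "rolling_next": rolling.accept(fob_frame(2, b"unlock")),
    }
```
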

The PKE is an automotive security system that operates automatically when the user is in proximity to the vehicle, unlocking the door on approach or when the door handle is pulled, and also locking it when the user walks away or touches the car on exit.

The RKE system, on the other hand, represents the standard solution for conveniently locking and unlocking a vehicle’s doors and luggage compartment by remote control.

Additionally, in a related advisory, the NCC, based on another detection by CSIRT, wishes to inform the general public about the resurgence of Joker Trojan-Infected Android Apps on Google Play Store.

This arose due to the activities of criminals who intentionally download legitimate apps from the Play Store, modify them by embedding the Trojan malware and then upload the app back to the Play Store with a new name.

The malicious payload is only activated once the apps go live on the Play Store, which enables the apps to scale through Google’s strict evaluation process. Once installed, these apps request permissions that, once granted, give the apps access to critical functions such as text messages and notifications.

As a consequence, a compromised device will subscribe unwitting users to premium services, billing them for services that do not exist.

A device like this can also be used to commit Short Messaging Service (SMS) fraud while the owner is unaware.

It can click on online ads automatically and even use SMS one-time passwords (OTPs) to secretly approve payments. Without checking bank statements, the user will be unaware that he or she has subscribed to an online service. Other actions, such as stealing text messages, contacts, and other device data, are also possible.

To avoid falling victim to the manipulation of hackers deploying Joker Trojan-Infected Android Apps, Android users have been advised to avoid downloading unnecessary apps or installing apps from unofficial sources.

The NCC also wishes to advise telecom consumers to ensure that apps installed from the Google Play Store are heavily scrutinized by reading reviews, assessing the developers, perusing the terms of use and only granting the necessary permissions.

Conclusively, the NCC recommends that unauthorised transactions be checked against any installed app.

Indeed, any apps not in use should be deleted while users are also advised to ensure that a device is always patched and updated to the latest software.
