As Nigeria moves to increase the use of digital tools across sectors through government’s digital economy agenda, the need to protect Nigerians online has become more profound. In that regard, the Nigerian Communications Commission (NCC) is leading the drive for cyber protection through the efforts of its Computer Security Incident Response Team (CSIRT), SAMSON AKINTARO reports.

With over 144 million active internet connections as of February this year, there is no doubt that Nigeria’s digital economy agenda is gaining traction. More than ever before, many Nigerians are now online, while various transactions and engagements that hitherto took place physically have gone digital. This shift, though with lots of benefits, also has its dangers. More Nigerians are now exposed to cyber threats than before. Indeed, cyber security experts in the country have warned that the next pandemic could be in the form of cyber-attacks. This is why the establishment of the Computer Security Incident Response Team (CSIRT) by the Prof Umar Danbatta-led Nigerian Communications Commission (NCC) could not have come at a better time. Since its inauguration in October last year, the CSIRT has lived up to expectations by regularly informing Nigerians of the latest cyber threats and reeling out security measures to protect them online.

Cyber threat concerns

According to the Cyber Security Experts Association of Nigeria (CSEAN), cyber threats will continue to increase in Nigeria and globally as more people go online. President of the Association, Mr. Remi Afon, who gave this warning, noted that while tech innovation is empowering forces behind booming businesses and growing economies all over the world, the increasing integration of digital technologies into almost all aspects of society is also exposing the country to many associated cyber threats. “In the last few months, there has been an astronomical increase in ransomware attacks worldwide and there is no sign that this will reduce in the next foreseeable future. “Ransomware damages are envisaged to cost the world $20 billion by 2021, which is unprecedented as it is 57 times higher than what it was in 2015, according to Cybersecurity Ventures,” he said. He added that digital transformation had resulted in rapid technological advances such as cloud adoption, blockchain implementation, use of cryptocurrencies, artificial intelligence, machine learning, IoT, 5G and data sciences, noting that the increase in the number of connected devices in recent years had resulted in the accumulation of data like never before. “At this rate, we are creating 2.5 quintillion bytes of data every day, thus the need for big data analytics. “With the pandemic ravaging global economy, adoption of remote working, reliance on IT, the recent acceleration in ransomware attacks, it becomes important to understand the role of cybersecurity in digital transformation,” he said.

CSIRT efforts

In its efforts to keep Nigerians abreast of these threats, CSIRT has been releasing regular updates on the discovery of new threats and measures to protect Nigerians online. In its latest public alert, CSIRT raised an alarm over two new cyber threats targeting Windows platforms and a particular kind of router respectively. The first cyber threat is ransomware known as ‘Lokilocker,’ which is capable of wiping data from all versions of Windows systems or platforms. It causes data loss and denial of service (DoS), which reduces user productivity. “Lokilocker” is a relatively new ransomware discovered by security researchers. It operates by encrypting user files and renders the compromised system useless if the victim does not pay the demanded ransom in time. “To hide the malicious activity, the ransomware displays a fake window update screen, cancels specific processes and services and completely disables the task manager, windows error reporting, machine firewall and windows defender of the compromised system. Sadly, it also has in-built processes that prevent data recovery as it deletes backup files, shadow copies, and removes system restore points. It also overwrites the user login note and modifies original equipment manufacturer (OEM) information in the registry of the compromised system,” the CSIRT said in the report. Thus, the NCC CSIRT stated: “To protect against infections by Lokilocker and similar ransomware, the best rule is to always have a backup copy of your data, which should be stored offline.” Additionally, CSIRT advised that “all downloads and email attachments should be opened with caution, even if they are from trusted sites or senders. Users should also ensure their attachments are scanned with an up-to-date antimalware solution, before opening.” The second cyber threat recently discovered by the NCC CSIRT is a botnet that targets MikroTik routers.
As CSIRT revealed, thousands of vulnerable MikroTik routers are being used to build what has been named one of the largest botnets in history. This botnet exploits an already-known vulnerability, which allows unauthenticated remote attackers to read arbitrary files due to a directory traversal vulnerability in the WinBox interface. The vulnerability, which was previously fixed, allows the perpetrators to enslave all the routers and then rent them out as a service. To be protected against this botnet, NCC CSIRT advised users to update or apply the latest patches to their routers early, set strong router passwords, disable public access to the routers’ administration interface, stay away from illegitimate or cracked versions of legitimate applications, use decent antivirus software with in-built web-filtering, and apply the latest patches as soon as they arrive.

Other threats uncovered

Earlier, the team had uncovered several other threats, which included newly-hatched malicious software that steals users’ banking app login credentials on Android devices. According to a security advisory from the NCC CSIRT, the malicious software called “Xenomorph,” found to target 56 financial institutions in Europe, has a high impact and high vulnerability rate. The main intent of this malware is to steal credentials, combined with the use of SMS and notification interception to log in and use potential 2-factor authentication tokens. To protect themselves against this threat, the Commission advised telecom consumers to be on alert in order not to fall victim to this manipulation. Accordingly, NCC urged telecom consumers and other Internet users, particularly those using Android-powered devices, to use trusted antivirus solutions and update them regularly to their latest definitions. The Commission also implored consumers and other stakeholders to always update banking applications to their most recent versions. In another advisory, CSIRT had warned the public of the existence of another hacking group orchestrating cyberespionage in the African telecoms space. An Iranian hacking group known as Lyceum (also known as Hexane, Siamesekitten, or Spirlin) was reported to be targeting telecoms, Internet Service Providers (ISPs), and ministries of foreign affairs in Africa with upgraded malware in recent politically motivated attacks oriented towards cyberespionage. To guard against this kind of threat, NCC recommended that multiple layers of security, in addition to constant network monitoring, should be put in place by telecom companies and ISPs alike to stave off potential attacks.

Why CSIRT?

Speaking at the inauguration of the centre in October last year, Danbatta stated that considering the increasing growth in Internet usage, especially as a consequence of the outbreak of the pandemic, the Commission observed a rise in cyber incidents and criminal activities. “Thus, the Commission recognises that with the borderless nature and pervasiveness of these incidences, relentless and concerted attention is required to protect Internet users as well as the Critical National Information Infrastructure and ensure they are resilient,” Danbatta said. The EVC emphasised that the NCC CSIRT had been structured to operate within the framework of the National Cybersecurity Policy and Strategy (NCPS) and the National Digital Economy Policy and Strategy (NDEPS) to assist the Nigerian communications sector with the management and coordination of cyber security incidents and threats. He noted that CSIRT was established as a proactive step towards building the trust and safety needed for growing the digital economy. Also speaking at the event, Minister of Communications and Digital Economy, Isa Pantami, described the Centre as a strategic step in boosting cybersecurity in Nigeria, and commended the Board of NCC and the Danbatta-led management of the Commission for ensuring the successful implementation of the project. Pantami noted that the commissioning of the facility marked an important milestone in the telecommunications industry in Nigeria, and described it as a significant measure in support of national efforts at protecting the information and communication technology infrastructure in the country. “The creation of the Centre is in line with the provisions of the NCPS document published by the Office of the National Security Adviser (ONSA), which was recently updated and launched by President Muhammadu Buhari in February 2021.
“In keeping with the principles enshrined in the policy, each sector is expected to establish a sectoral Computer Incident Response Team (CSIRT) that provides requisite services to the constituents within that sector,” the Minister said.

Last line

A digitally-driven economy, no doubt, comes with lots of benefits for the country and, of course, it is no longer a matter of choice, but a necessity for Nigeria. This is why the efforts of CSIRT are quite commendable and should be sustained.

