Translate

Sunday, December 25, 2016

NIGERIA FACES GREATEST CYBER SECURITY THREAT EVER IN 2017



Nigeria cybercrime landscape is changing rapidly with threats actors growing in size, scope, complexity and capability over the past few years.  With no single line of budget for cyber security by Nigeria government, lack of implementation of cyber security strategy and policy, one wonders how Nigeria plan to cope with imminent cyber-attacks in 2017. When it comes to cyber attacks, it is not a matter of if, it is a matter of when. The greatest security threat Nigeria faces in 2017 is cybercrime having defeated terrorism with the liberation of Sambisa forest from the notorious Boko Haram.

The Nigeria 419 cybercrime gangs are now specialising in using advanced malware tools common with sophisticated criminals and espionage groups according to a November 2016 report released by Palo Alto Networks.  In June 2016, a 40 year old Nigerian ostensibly to be the ringleader of a global cybercrime network behind scams totalling more than $60m was arrested in Port Harcourt. He was accused of leading a network that compromised email accounts of small and medium-sized businesses around the world.  

There are so many unreported cases of cybercrime activities going on in the country which resulted in financial loss to organisations and individuals.  It has been estimated that Nigeria loses about N127 billion annually to cybercrime. Looking ahead, I have identified five cybercrime that will dominate Nigeria in 2017 based on the current trends. The top five cybercrime in no particular order are CEO Email Scam, Ransomware, Online Assisted Kidnapping, Cyber Bullying and Online Impersonation.
CEO Email Scam is a phishing scheme that targets businesses by spoofing their email or use social engineering to assume the identity of their CEO.  The cyber criminals achieve this by researching employees who are in charge of Finance and request a wire fraud transfer to fraudulent account claiming to be the CEO. CEO Email scammers use techniques known as business email compromise and business email spoofing. Business email compromise is the process of hijacking an email account or email server to intercept business transactions and redirect payments. Business email spoofing is sending spoofed email from an external account pretending to be a company executive authorizing an irregular payment transaction.

The New Year will also witness more ransomware than ever seen before in Nigeria. With the rise of ransomware-as-a-service, cybercriminals can now purchase a user friendly kit they could deploy with little or no cyber know-how from the dark web. A Ransomware is a type of malware that infects a machine when user clicks on a seemingly legitimate link and unknowingly downloads a malicious file. The virus will then encrypt the user's files, share drives and servers, leaving them inaccessible unless the victim pays for the decryption key usually in crypto currency.

That Kidnapping is on the rise in Nigeria is no news, what many people don’t know is that kidnappers are being assisted by their victims’ social media online activities and geolocation data on their smartphones.  Geolocation data is information that can be used to identify an electronic device's physical location. Using smartphones built-in global positioning system (GPS) functionality allows location-based services (or geo-location) to locate and publish information about smartphone owners’ whereabouts. Kidnappers have started using geolocation and geotagging to target their victims. Geotagging are pieces of information that can be attached to a tweet, status or photo on a social networking site that show the physical location of where something had been posted. Social media that have location geotagging implemented include Twitter, Facebook, Instagram and even Google+, amongst many others.

Cyberbullying will continue to rise in 2017. Cyberbullying is the use of internet to harass, intimidate or abuse a person or group with the intent to hurt them socially, psychologically or even physically. 2016 have seen some Nigerians going berserk by making online videos, publishing abusive post just to insult and harass their victims. It is not uncommon for people to circulate fake news about individuals or organisations on social media. With unrestricted access to internet via their smartphones coupled with several social media presence, teenagers have recorded highest number attacks by cyberbullies who are essentially their peers. 

Online impersonation is another top cybercrime to watch out for in 2017. Online impersonators can be classified into two categories based on their activities in Nigeria. The first category impersonates politicians and religious leaders on social media by creating fake profiles with the aim of scamming their victims. The second category usually creates fake profiles with attractive fake pictures so they can engage in what is called ‘romance scam’. The romance scam cybercriminals are mainly interested in targeting foreigners, claiming they are in love with them and establishing a love relation to be able
to swindle them.

2017 promises to be a busy year for cyber criminals in Nigeria as they up their game while Individuals, organisations and government will continue to play catch up game. Fighting cybercrime requires a collaboration of government, law enforcement agencies, private sector and general public. 


Remi Afon is the President, Cyber Security Experts Association of Nigeria (CSEAN)