Nigerian companies lost $550M to cyber-criminals in 12 months

Nigerian businesses lost slightly more than half a billion US Dollars in the last twelve months to cyber criminals, a new pan African cyber intelligence report reveals.


The Nigeria Cyber Security Report 2016, which is expected to be launched next week at the eNigeria Conference and Expo in Abuja was researched, analysed, compiled and published by Kenyan based Serianu in partnership with Nigeria’s Demadiur Systems and the United States International University (USIU)’s Centre for Informatics Research and Innovation (CIRI).
The report is said to be the first of its kind in Nigeria, as it sheds light on the impact that cybercrime has had on local businesses.
Speaking on the report, Serianu’s Managing Director, Mr. William Makatiani said that in developing the research, the firm’s Cyber Threat Intelligence Team reviewed publicly and privately available data from individual industries and performed interviews of business leaders and IT security practitioners.
Makatiani noted that the Nigeria Cyber Security Report 2016 established that the annual cost of cybercrime to Nigerian business is close to Naira 173,387,500,000 (USD550 Million).  To illustrate this further, the report reveals that more than half (56.3%) of Nigerian businesses remain exposed to cyber-attacks.
“A vast majority of these companies and organizations are not even aware of the threats that they are exposed to from criminals, who are always trawling the Internet for firms to raid,” said Makatiani.
According to The Nigeria Cyber Security Report 2016, systems found to be most at risk were MikroTik routers, Apache HTTPD web servers, IIS Servers and Cisco routers. The most vulnerable applications identified were exchange servers and those running Microsoft Outlook Web Applications emerged as the most common.
The report warns that security breaches, especially those perpetrated by internal staff are becoming more sophisticated. Effectively, it took up to one year to detect an external cyber-attack and resolve it.  The average time taken to detect an external attack in a typical organisation in Nigeria was 260 days and another 80 days to resolve the attack. The report reveals that it in many organizations, it took them nearly two years to detect and resolve malicious insider attacks. This especially apparent in organisations that had not invested in cyber security products that facilitate anticipation, detection, recovery and containment of cybercrime.
Makatiani explained that many of organizations had been found to maintain administrative interfaces viewable from anywhere on the Internet and that their owners had failed to take preventive cautionary measures, including changing manufacturers’ default passwords. During the study, the research team came across a total of 100,000 Internet routers and cameras publicly accessible to anyone who could get to them via the Internet.
Ikechukwu Nnamani, President of Demadiur Systems and the local research lead, added that Nigeria as a country has not yet established any process to track and capture cyber criminals.
“To counter this situation, Nigerians installing these Internet access systems in their homes/office networks must work with cyber security experts to ensure that they are not exposed. Similarly, companies need to raise their degree of vigilance with the IT teams required to invest more time and resources in auditing their entire systems and establishing modalities to reduce breaching incidences,” said Nnamani.

Oracle buys cyber attack target Dyn

Oracle plans to enhance its offerings with Dyn's expertise in monitoring, controlling, and optimizing cloud-based internet applications and managing online traffic (AFP Photo/Justin Sullivan)

Oracle plans to enhance its offerings with Dyn’s expertise in monitoring, controlling, and optimizing

 cloud-based internet applications and managing online traffic (AFP Photo/Justin Sullivan)

Oracle on Monday announced it is buying Dyn, a Web traffic management firm recently hit with a cyber attack that closed off the internet to millions of users.

Business software and hardware titan Oracle did not disclose financial terms of the deal to acquire US-based Dynamic Network Services Inc, or Dyn.

Oracle planned to enhance its own offerings with Dyn’s expertise in monitoring, controlling, and optimizing cloud-based internet applications and managing online traffic.

“Dyn’s immensely scalable and global DNS is a critical core component and a natural extension to our cloud computing platform,” Oracle product development president Thomas Kurian said in a release.

Dyn was the target of cyber attacks that pounded the underpinnings of the internet in October, crippling Twitter, Netflix and other major websites with the help of once-dumb devices made smart with online connections.

The onslaught incapacitated a crucial piece of internet infrastructure, taking aim at a service entrusted to guide online traffic to the right places by turning website names people know into addresses computers understand.

The hacker was probably a disgruntled gamer, an expert whose company closely monitored the attack said last week.

Dale Drew, chief security officer for Level 3 Communications, which mapped out how the October 21 attack took place, told a Congressional panel that the person had rented time on a botnet — a network of web-connected machines that can be manipulated with malware — to level the attack.

Using a powerful malicious program known as Mirai, the attacker harnessed some 150,000 “Internet of Things” (IoT) devices such as cameras, lightbulbs and appliances to overwhelm Dyn systems, according to Drew.

Dyn has more than 3,500 customers including Netflix, Twitter, and CNBC, making tens of billions of online traffic optimizing decisions daily, according to Oracle.

Cyber Security: Facebook Unveils Online Safety Centre

Facebook worked with partners including the International Center for Leadership Development in Nigeria and Watoto Watch Network in Kenya to bring its safety resources to life and address local communities Just two months after Facebook CEO Mark Zuckerberg traveled to Nigeria and Kenya to meet with developers, partners, and entrepreneurs, Alex Stamos, Chief Security Officer at Facebook, gave a keynote address at the CyberXchange (http://Cyberxchange.com) security conference in Lagos, Nigeria about the company’s approach to keeping people safe and making the internet more secure for everyone. Keeping you and your information safe is a core part of helping our community grow, connect, and support each other.
Stamos addressed an audience of security industry professionals, researchers, and students who gathered to discuss solutions to cybersecurity challenges in Nigeria and around the world. He explained that Facebook builds security protections to help keep people safe even under non-ideal circumstances that security professionals often overlook—such as weak password usage or running out-of-date devices. Facebook performs automated checks to help detect suspicious logins to protect people’s accounts, and they ship their own cryptography with their mobile app to make people more secure on those devices.
He also stressed the importance of consumer awareness around safety and security to protect people’s information and help them feel comfortable being themselves online. Nigeria officially recognized National Cyber Security Awareness Month in October, underscoring the need to educate the public about how to protect themselves. This focus on awareness is at the heart of Facebook’s newly redesigned Safety Center (https://www.Facebook.com/safety), an engaging resource to help people get the information they need about controlling their information and staying safe.
“People come to Facebook to share important and personal moments in their lives. That’s why we build our services and tools to help people remain in control and protect their accounts. We always have to consider the situations in which our technology will be used so that we can offer people the best security and safety for what they need,” said Stamos.
The new Safety Center walks people through the tools Facebook offers to control your experience, as well as numerous tips and resources for safe and secure sharing. The Safety Center is available in over 50 languages, works well on mobile devices, and includes step-by-step videos on a variety of popular safety topics. Facebook worked with partners including the International Center for Leadership Development (http://ICDLng.org) in Nigeria and Watoto Watch Network (http://WatotoWatchNetwork.org) in Kenya to bring its safety resources to life and address local communities.
This update also brings the Bullying Prevention Hub to everyone on Facebook. The Hub is a resource for teens, parents and educators seeking guidance on how to prevent and address bullying. Developed with the Yale Center for Emotional Intelligence in 2013, Facebook now works with nearly 60 partners around the world to make the Bullying Prevention Hub more widely available.
For Facebook, making the world more open and connected also means keeping people and their information safe. Check out the new Facebook Safety Center today.

Cybersecurity incidents on rise in India

Cyber attacks in India have risen drastically and cybersecurity watchdog Indian Computer Emergency Response Team (CERT-In) has tracked that around 39,730 cyber incidents have taken place this year till October.

The information was provided by IT and Law Minister, Ravi Shankar Prasad on Wednesday (November 16) in the lower house of the parliament where he commented that over the period the nature and pattern of cybercrime have become more sophisticated and complex which include phishing, scanning and probing, website intrusions and defacements, virus and malicious code, Denial of Service attacks among others.

Though the CERT-In report suggests that there has been a decline in cyber security incidents from 2014 which had 44,679 incidents to 2016; the NCRB data reports an increase in registered cyber crime cases from 2013-5,693 cases to 2015-11, 592 cases.

"As per current trends, the cyber attacks observed on networks/systems in Indian cyberspace are observed to be directed from cyberspace of different countries including Pakistan," said, Prasad.

Junior Minister of IT and Law, P.P. Chaudhary said that in order to imminent the threats from other countries, “periodic scanning of cyberspace is carried out” adding that various other steps in the form of legal framework, emergency response, awareness, training, legal framework and implementation of best practices to prevent occurrences of cyber breaches are being carried out.

In order to implement the preventive steps, “the government has initiated the setting up of National Cyber Coordination Centre (NCCC) to generate necessary situational awareness of existing and potential cyber security threats and enable timely information sharing for proactive, preventive and protective actions by individual entities. In addition, the CERT-In is also setting up a Botnet Cleaning and Malware Analysis centre for detection of malware infected systems and notify, clean and secure systems of end-users to prevent further infections.

PDS website in Kerala hacked, affected over 34 million people

 An Indian hacker living in Tokyo hacked the Public Distribution System's website  of the  Indian state of Kerala and published them on Facebook. The breach has affected over  34 million people of the state.

The breach was informed  when the hacker hacked the Kerala government’s civil supplies department website and published the  confidential data of all of Kerala’s 8,022,360 Public Distribution System (PDS) beneficiaries and their family members on Facebook.

The hacked database reveals names, addresses, birth dates, gender, monthly incomes, electoral card details, consumer numbers of power and cooking gas connections. This leak is considered as the biggest breach in the world.


According to the cyber security expert in Dubai,“The data could be used to duplicate SIM cards or reset net banking passwords. It’s very serious.”

The hacker is working with a Tokyo-based IT consultant N.T.R. He hacked the website (civilsupplieskerala.gov) to  expose the security flaws in the site after  he got tired  to draw the attention of officials  towards the flaws in the website. The website is designed, developed and hosted by India’s National Informatics Centre (NIC).

“I wrote to the NIC several times pointing to the vulnerabilities and even called the civil supplies office warning them about a possible breach, but they ignored me. I had no option but to make the information public in a Facebook post,” N.T.R., a native of Thiruvananthapuram, said from Tokyo.

According to reports, the Kerala government had put the list online so that residents could verify their personal data and apply for corrections before new ration cards are printed in 2017.

“It was foolish on their part to put all ration card numbers on the website. All I had to do was make a data set of these numbers and then fetch the corresponding data for each number. It was simple as the security methods on the website were primitive. It took me just one week to access and transfer around 100GB of data. I am appalled no one raised the red flag despite the fact that I used the same IP address to make over 30 million requests,” said N.T.R.

Hack the Army: US military begs white hats to sweep it for bugs

Security experts reckon the US government’s newly unveiled "Hack the Army" bug bounty programme may usher in greater co-operation across the whole arena of security research.
The US Army will offer cash rewards to hackers who find vulnerabilities in selected, public-facing Army websites under the scheme, which builds on the US military’s previous "Hack the Pentagon" programme.
The Hack the Pentagon programme gave security researchers the chance to earn money by finding bugs on static websites that “weren't operationally significant as targets”.
Hack the Army goes one step further by inviting security researchers to look for flaws in websites that offer dynamic exchanges of personal identifiable information, sites considered central to the Army's recruiting mission.
Chris Lynch, the US Department of Defense's head of Digital Service, said: ”Hack the Army [will show] that bringing in creative hackers from a wide variety of backgrounds can fundamentally improve the way we protect our soldiers and secure our systems."
Army Secretary Eric Fanning added: ”We're not agile enough to keep up with a number of things that are happening in the tech world and in other places outside the Department of Defense. We're looking for new ways of doing business."
The Hack the Army programme will be usher in a new vulnerability disclosure policy.
“This policy makes me optimistic about the prospects for free and open security research,” said Tod Beardsley, senior security research manager, Rapid7, the firm behind the Metasploit penetration testing tool. “Instead of criminalising curiosity, this policy recognises the valuable contributions of the security experts when it comes to vulnerability discovery and disclosure.
“Adopting this policy goes a long way to legitimise the act of security research across all websites. Hackers the world over can point to this policy to help get other organisations, large and small, to recognise the reality that good faith efforts to ‘see something, say something’ has positive and immediate benefits when it comes to internet security,” he added. ®
HackerOne, a security consulting firm under contract with the Pentagon, will invite security researchers and bug hunters to participate in the Army challenge. US government civilians and active duty military personnel will also be authorised to participate. Registration for the program opened on Monday via https://hackerone.com/hackthearmy.
A full list of Army websites and databases that bug hunters will be permitted to hack under the program will be provided to registered and invited participants.

Cash-spitting ATM malware blamed on Cobalt hacking gang

A security firm has accused a computer criminal collective called the Cobalt Group of having perpetrated ATM malware attacks across Europe.
In a report, the Russian security firm Group-IB names Cobalt as the most likely hacking gang behind a series of attacks that compromised ATMs in 14 countries, including the Netherlands, Poland, Romania, Russia, Spain, and Britain.
Group-IB based the name they have given the hacking gangs off "Cobalt Strike," a penetration testing tool which helped the attackers leverage banking computers infected by malicious emails to access specialized servers that control ATMs.

From those compromised servers, the Cobalt gang conducted what are known as "touchless jackpotting" attacks. The group essentially commanded the target ATMs to spit out cash, but it did so without physically manipulating the terminals. Everything was done remotely in a logical (i.e. malware), not a physical, attack.
Cobalt knew what it was doing, too. Sometimes, all it took was ten minutes for the threat actor to gain control over a financial organization's banking network.
Unfortunately, we don't know a lot about the Cobalt group at this time. According to Reuters, Group-IB thinks the group is connected to another computer criminal group called Buhtrap based upon the two collectives' use of similar tools and techniques.
Buhtrap stole 1.8 billion rubles ($28 million) from Russian banks from August 2015 to January 2016. It is believed to have done so using fraudulent wire transfers and not logical attacks.

To be sure, Cobalt isn't the only group that has targeted banking infrastructure.
Cobalt's attacks constitute part of a growing crime wave against financial organizations, a surge which has included the use of malware to infect ATM hard disks and issue fraudulent money transfers via the SWIFT secure messaging provider.
Dmitry Volkov, Head of the Investigation Department and the Bot‑Trek Intelligence service, is concerned about the growing threat malware poses to banks. That's why he's urging financial organizations to upgrade their defenses against logical attacks:

"Logical attacks on ATMs are expected to become one of the key threats targeting banks: they enable cybercriminals to commit fraud remotely from anywhere globally and attack the whole ATM network without being 'on the radar' of security services. That said, this type of attack does not require development of expensive advanced software – a significant amount of the tools used are widely available on the deep web. Every bank is under threat of logical attacks on ATMs and should be protected accordingly."

The best way banks can protect themselves against malware attacks is by placing their ATMs inside a building that's in full-view of a security camera. That won't deter a determined criminal, but it will certainly raise the stakes for attackers with more to lose.
Banks should also train their employees to be on the lookout for common threats like targeted attacks. It sounds like Cobalt likes to use malicious email attachments exploiting Microsoft Word vulnerabilities to gain a foothold into a target organization's network.
If employees know how to spot suspicious emails, a group like Cobalt won't be able to access an organization's ATM servers. They will therefore need to conduct their attacks locally, which is certainly more risky.
Just as an added layer of defense, banks should also use email filters and blacklists to reduce the chance that malicious emails will ever reach their employees.