5 min read
Summary: A close examination of the state of information technology in Nigeria, particularly the cybersecurity space, reveals a country that has had to deal with a variety of cybercriminal operations. This is largely due to the continued adoption of new IT tools, the COVID 19 pandemic occasioned expansion of the virtual world and the EndSARS protest which offered cybercriminals the opportunity to hack cooperate organizations’ websites. In 2021, these cyber-attacks are set to even continue in different areas of IT. Such cybercrimes projected to increase in 2021 include; Web Application and Services Attacks, Ransomware, Phishing, Identity Theft, Fake News and Hate Speech, Cybercriminal Recruitment, Crypto-jacking, and Children-Targeted Attacks.
A critical look at the trend in Information Technology in Nigeria, particularly on the cybersecurity ecosystem, shows a nation that had to contend with various malicious activities of cybercriminals.
This was also traced to a continuous increase in the adoption of IT tools. For instance, significant growth in the number of mobile (GSM) and Internet subscribers was recorded,. In the same vein, there was increased adoption of cryptocurrencies by Nigerians.
Regrettably, for cybercriminals, non-state actors, those aforementioned milestones presented new opportunities and vectors, in addition to existing ones, to perpetrate malicious activities against individuals, businesses, and governments. In reality, the situation in Nigeria was not different from the rest of the world. Globally, cybersecurity intelligence reports have revealed that cybercriminals, last year, advanced their capabilities and deployed more sophisticated tools and techniques.
One of the main factors that transformed the global digital landscape was the COVID-19 pandemic which led to a rise in the use of digital technologies. Private and public establishments were forced to acquire and deploy technologies that would enable them to work remotely, to reduce the impact of the pandemic on their businesses. Many educational institutions adopted an online form of teaching as a coping mechanism, to forestall disruption in the delivery of educational services to students.
In addition to the economy-crippling COVID-19 pandemic, the dark forces of the online world also leveraged the #EndSARS protests in the country. This led to a rise in hacktivism. While some protesters marched relentlessly on the streets, others took their demonstration to the virtual world. As many government ICT infrastructures were torched in the process, some were virtually hacked.
While these trends present enough experience for both individuals and corporate organisations to prepare against a recurrence in 2021, there are likely going to be an increase of hacktivism this year going by emerging trends.
According to President of Cyber Security Experts Association of Nigeria, CSEAN, Mr. Remi Afon, “we expect that some of the prevalent cyber threats will continue in 2021. This is predicated upon several factors. The COVID-19 pandemic remains unabated. Nigeria is currently experiencing a second wave of the virus. The #EndSARS protests have only subsided; they can erupt again at any time.
Presently, many are disgruntled against the government for targeting some of the protesters and their sponsors. The recent directive by the federal government for SIM cards to be linked to the national identity number (NIN) presents a new platform for cybercriminals to further perpetuate their activities” he added.
He said a knowledge and research team of his association, following current trends compiled some threats that may threaten Nigeria’s economy in 2021 and what the country should do to avert them.
Top Cyber threats include: Email-Based Attacks: These include Business Email Compromise (BEC) and the various categories of advance free fraud attacks. Further, emails are used as a vector by attackers for propagating other scamming, phishing, and malware attacks. We predict that the prevalence of these email-based attacks will continue in 2021. Attackers will attempt to engage COVID-19 and NIN-SIM-registration themes to deceive unsuspecting targets.
Web Application and Services Attacks: These consist of attacks aimed at exploiting the vulnerabilities or weaknesses of web applications and services. Attacks to watch out for include website defacement, public cloud data exposure, and data leaks. The top causes of such attacks will be the exploitation of security gaps in misconfigurations and stolen credentials.
The case of website defacement will be due to the activities of hacktivists in response to the actions and inactions of the government in respect of the #EndSARS protests. More government-related websites and web apps and services, and those of their sympathizers, will be targeted.
Malware: Existing, new variants of existing, and novel malware will be deployed by malicious actors against information systems belonging to individuals, organizations, and government. Mobile malware threats will increase. Ransomware will remain widespread.
Phishing: Phishing attacks will become more targeted. Criminal actors will employ COVID-19- and NIN-SIM-Registration-themed phishing emails by impersonating government, health authorities and SIM registration sites to deceive targets into revealing sensitive information.
Identity Theft: This is the threat of deceptively obtaining or illegally acquiring personal identifiable information to commit fraud. Attackers will rely on phishing and other social engineering attacks, skimming, shoulder surfing, and dumpster diving to acquire sensitive information about their targets.
Fake News and Hate Speech: The intentional and unintentional propagation of fake news and hate speech will increase. While these are not directly cyber threats, they are often propagated via online media such as social media platforms. Senders will prey on the widespread disillusionment among Nigerians due to the unabating COVID-19 pandemic, the unfavorable economic situation being experienced in the country, and prevalent discontentment with the government’s response to the economic challenges.
Children-Targeted Attacks: Due to the lockdown, occasioned by the COVID-19 pandemic, many schools have adopted online teaching. This implies that students are bound to spend more time online, compared to how long they stayed online pre-pandemic. Cybercriminals will seek to exploit this by launching attacks targeted at kids. Attacks to watch out for include cyberstalking, cyber predation, and cyber grooming.
Cryptojacking: More Nigerians are becoming aware and are adopting cryptocurrencies. Consequently, more cryptojackers who engage in the malicious mining of cryptocurrencies using victims’ computers or mobile devices without the knowledge of the victims are predicted to emerge.
Cybercriminal Recruitment: In 2020, many youths were forced to stay at home due to COVID-19 and a prolonged ASUU strike. Considering the 2nd wave of the pandemic and the newly discovered variants of the COVID virus, another stay-at-home order in 2021 looks likely. Moreover, the pandemic has led to job loss for many. These challengers provide exploitable opportunities for cybercriminals to lure idle and jobless youths. So, we expect the recruitment drive by cybercriminal actors to rise in 2021.
The Way Forward
*The publication and implementation of the recently reviewed national cybersecurity policy and strategy documents.
*Efforts should be made by the government and corporate entities to improve the security of their IT assets. Organizations leveraging on IT should update their internal security policies and procedures and adhere to best security practices.
*The President should as a matter of urgency assent to the Data Protection Bill 2019 as passed by the National Assembly in May 2019.
*The government should provide adequate information on COVID-19 and the linking of SIM cards to NIN. Lack of information can easily be exploited by criminal actors to deceive the uninformed. Access to relevant information should be easy and free for citizens.
*Continuous education of citizens on the activities of cybercriminals, using the various media, is crucial.
*Efforts must be made by parents and guardians to ensure the online safety of their children and wards, respectively. It is important for parents and guardians to monitor the activities of and moderate the time spent by their children and wards, respectively, while online.
*Also, on the protection of the kids online, schools should ensure the technologies i.e software and hardware they deployed can effectively support learning without compromising the online security of their students.
• The recently revised national cybersecurity policy and strategy documents’ publication and execution would be a first step at regulating cybercrime in the country.
• Government and corporate entities should take measures to enhance the security of their IT assets. Organizations that rely on technology should keep their internal security policies updated, as well as follow best security practices.
• There is an urgent need for the President to sign the Data Protection Bill 2019, which was enacted by the National Assembly in May 2019.
• COVID-19 and the linkage of SIM cards to NIN should be adequately explained by the government. Criminal actors might easily take advantage of a lack of information to deceive the uninformed. Citizens should have quick and free access to pertinent information.
• In addition, schools should verify that the technologies they install, such as software and hardware, can successfully support learning without jeopardizing their students’ online security.
• It is critical to continue to educate citizens about cybercriminal activity through various media platforms.
• Parents and guardians must make efforts to safeguard the online safety of their children and wards, respectively. It is critical for parents and guardians to keep an eye on their children and wards’ internet activity and to limit the amount of time they spend online.
About the Author: Prince Osuagwu is the Head of the Hi-Tech desk at Vanguard Newspapers.
Keywords: Cybercrime, 2021, Hacktivism, Covid19, EndSARS, Security, Internet, Information technology