How to handle cyberattacks
By Temitayo Jaiyeola
TECHDIGEST – Nigeria loses about $500m yearly to cyberattacks, according to the Nigerian Communications Commission.
In a recent report, the Senior Manager of Cyber Risk Services at Deloitte, Ms Funmilola Odumuboni, disclosed that a cyberattack occurs every 39 seconds. She added that cybercrimes have increased by nearly 300 per cent since the onset of the pandemic.
A recent study by Sophos disclosed that 71 per cent of Nigerian organisations were victims of ransomware in 2021 while 44 per cent of those affected firms had to pay ransoms to get their data back.
To combat the rising spate of cyberattacks in the country, the NCC’s Centre for Computer Security Incident Response issues advisories to Nigerians as the need arises.
At the launch of the centre, the Executive Vice Chairman of NCC, Prof. Umar Danbatta, said, “Thus, the commission recognises that with the borderless nature and pervasiveness of these incidences, relentless and concerted attention is required to protect Internet users as well as the Critical National Information Infrastructure and ensure they are resilient.”
According to Kaspersky, a cybersecurity firm, cybercrime represents an ongoing risk to individuals, organisations and governments globally.
It stated that research had shown that there were 50 per cent more attack attempts on corporate networks in 2021 than in 2020. As well as the financial losses caused by cybercrime, there are less tangible costs for businesses – such as reputational damage and reduced consumer trust.
Defining what a cyber attack is, the firm said, “A cyber attack is an attempt by cybercriminals to disable computers, steal data, or use a breached computer system to launch additional attacks.
“Cyber attacks have become more sophisticated in recent years and, as a result, cyber attack prevention is essential for every individual and organisation.
“Cybercrime is based upon the effective exploitation of vulnerabilities. Security teams are at a disadvantage because they must protect all possible entry points, while attackers only need to find and exploit one weakness or vulnerability. This imbalance favours attackers, which means that even large organisations can struggle to prevent cybercriminals from gaining access to their networks.”
Cybercriminals can use any internet-connected device as a weapon, a target or both, which means individuals and businesses of all sizes are at risk.
According to ICT expert and Senior Partner of e86 Limited, Olugbenga Odeyemi, “We are witnessing more cyberattacks and this is related to the growth we are seeing in the area of technology.
“More businesses are coming online, operating remotely and setting up technology infrastructures that were not desired a few years ago. It is that growth that is leading to more attacks and the sophistication of such attacks.”
Explaining the types of cybersecurity attacks, Kaspersky, in a blog post, wrote:
Malware
Malware or malicious software is an umbrella term which refers to intrusive programs designed to exploit devices at the expense of the user and to the benefit of the attacker.
There are various types of malware, but they all use techniques designed not only to fool users but also to evade security controls so they can install themselves on a system or device covertly without permission. Some of the most common types of malware include:
Ransomware – the use of extortion software that can lock your computer and then demand a ransom for its release.
Trojans – a type of malware that typically gets hidden as an attachment in an email or a free-to-download file, and then transfers onto the user’s device. Trojans are capable of gathering sensitive user data, including credentials, payment information, and more.
Spyware – the use of software that enables an attacker to obtain covert information about another’s computer activities by transmitting data covertly from their hard drive. Spyware is also able to function as a keylogger and can take screenshots of sensitive data.
Distributed Denial-of-Service attacks
A distributed denial-of-service (DDoS) attack involves multiple compromised computer systems attacking a target, such as a server, website, or another network resource, causing a denial of service for users of the targeted resource. The sheer volume of incoming messages, connection requests or malformed packets to the target system forces it to slow down or crash – which denies service to legitimate users or systems.
Phishing attacks
A phishing attack is a form of fraud in which an attacker masquerades as a reputable entity, such as a bank, well-known company, or person in email or other forms of communication, to distribute malicious links or attachments. This is to trick an unsuspecting victim into handing over valuable information, such as passwords, credit card details, intellectual property, and so on.
Spear phishing attacks are directed at specific individuals or companies, while whaling attacks are a type of spear phishing attack that specifically targets senior executives within an organisation. One type of whaling attack is the business email compromise, where the attacker targets specific employees who can authorize financial transactions to deceive them into transferring money into an account controlled by the attacker. The FBI estimates that $43bn was lost between 2016 and 2021 because of business email compromises.
SQL injection attacks
Most websites are database-driven and are, therefore, vulnerable to SQL injection attacks. An SQL query is a request for some action to be performed on a database. A carefully constructed malicious request can create, modify or delete the data stored in the database, as well as read and extract data such as intellectual property, personal information of customers, administrative credentials or private business details.
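As an added illustration (not part of the original article or of Kaspersky's post), the Python sketch below runs the same customer lookup two ways against an in-memory SQLite database: once by pasting user input into the SQL text, and once with a bound parameter. The table, rows and function names are constructed for the example.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("ada", "ada@example.com"),
         ("bola", "bola@example.com"),
         ("o'neil", "oneil@example.com")],
    )
    return db

def lookup_vulnerable(db, name):
    # Flawed: the input becomes part of the SQL text, so the database
    # parses it as query syntax rather than as a value.
    query = "SELECT email FROM customers WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]

def lookup_safe(db, name):
    # Hardened: the ? placeholder binds the input as data only, so it
    # cannot change the structure of the statement.
    query = "SELECT email FROM customers WHERE name = ?"
    return [row[0] for row in db.execute(query, (name,))]

def run(fn, db, name):
    """Call a lookup and report a SQL error instead of raising it."""
    try:
        return fn(db, name)
    except sqlite3.OperationalError as exc:
        return f"error: {exc}"

def demo():
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that rewrites the WHERE clause
    return {
        "normal, vulnerable": run(lookup_vulnerable, db, "ada"),
        "normal, safe": run(lookup_safe, db, "ada"),
        "crafted, vulnerable": run(lookup_vulnerable, db, crafted),
        "crafted, safe": run(lookup_safe, db, crafted),
        "apostrophe, vulnerable": run(lookup_vulnerable, db, "o'neil"),
        "apostrophe, safe": run(lookup_safe, db, "o'neil"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The concatenated query returns every customer's email for the crafted input and fails outright on a legitimate name containing an apostrophe; the parameterised query returns nothing for the crafted input and handles the apostrophe correctly.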
Cross-site scripting (XSS) attacks
XSS enables an attacker to steal session cookies, allowing the attacker to pretend to be the user, but it can also be used to spread malware, deface websites, create havoc on social networks, phish for credentials and—in conjunction with social engineering techniques—perpetrate more damaging attacks.
Botnets
A botnet comprises a collection of internet-connected computers and devices that are infected and controlled remotely by cybercriminals. They are often used to send email spam, engage in click fraud campaigns, and generate malicious traffic for DDoS attacks. The objective of creating a botnet is to infect as many connected devices as possible and to use the computing power and resources of those devices to automate and magnify malicious activities.
The cybersecurity firm advised businesses experiencing a cyber attack to act fast. The goals should be to stop the attack and mitigate its impact:
Mobilise your team
The first thing to do is mobilise staff that have responsibility for cybersecurity. Ideally, they will have been trained to know how to respond in the event of an attack.