Malicious attacks
A week after attacks on Kenyan firms, Anonymous Sudan, a pro-Sudan hacktivist group, claimed responsibility for cyber assaults on MTN…
A week after attacks on Kenyan firms, Anonymous Sudan, a pro-Sudan hacktivist group, claimed responsibility for cyber assaults on MTN Nigeria and Nigeria’s National Information Technology Development Agency (NITDA), reacting to Nigeria’s proposed military action in Niger. Anonymous Sudan warned Nigerian financial services, government and telcos to brace for attacks. Simultaneously, Interpol reported that a transnational investigation into West African cybercrime groups scamming web users yielded over 100 arrests and over two million euros seized. The operation, tagged “Operation Jackal,” was coordinated between 15–28 May across 21 countries on six continents, and it targeted cybercrime groups like the Nigerian “Black Axe” gang.
Cyberwarfare refers to actions taken by nation-states or international organisations to attack and potentially damage another nation’s computer systems or information networks using methods like computer viruses or denial-of-service attacks. This practice has grown in frequency and scope, becoming a significant aspect of many conflicts. Around the globe, countries and businesses must confront the reality that security has shifted from the physical realm to the digital domain. Nigeria, unfortunately, isn’t among the countries actively addressing this threat, although, in June, the Indian cybersecurity research firm Indusface named Nigeria the second most cyber-secure country in Africa. The research claims Nigeria has fewer compromised systems per 100,000 internet users among other African nations evaluated. This yardstick acknowledges Nigeria’s successful advances in countering malware like the Gamarue botnet, which primarily steals information and performs other activities like click fraud. On an interpersonal level, cybersecurity education among Nigerians thrives as more people get on the internet. However, corporate bodies and government agencies do not show the same level of commitment to better security. In March 2020, then-Minister of Communication Isa Ali Pantami was criticised for using Windows 7 operating system in government video conferencing gadgets. A few months later, during the #EndSARS protests, the personal data of police officers across the country was leaked after hackers got into the police’s online database with ease. In May, Sennaike David, an Information Security expert and bug bounty hacker, wrote on LinkedIn that he infiltrated a group of hackers on the dark web, stating they were selling the private data of a Nigerian fintech institution, including access to the company’s servers, username, password, Application Programming Interface (API) keys and private customer data. Mr David identified 43 Nigerian banks with feeble security and whose customer data were sold. To a certain degree, that expose explained the story behind bank users’ complaints about missing money in their accounts, which the banks had no explanation for. In the previous years, not only were banks easy to attack, but ride-hailing services such as Bolt and fintechs such as Flutterwave were also exposed. Flutterwave was hacked for ₦2.9 billion ($6.3 million) in over 60 transactions in February this year, and even though the company tried to deny it, court documents exposed the dysfunction in the corporate sector, endangering end users. Fraud attempts in Nigeria increased by 186% across mobile and web channels between the first three quarters of 2019 and the same period in 2020, according to the most recent data from the Nigeria Inter-Bank Settlement System (NIBSS). Fraudsters were successful with 91% of over 46,000 attempts in the first nine months of 2020, stealing ₦5 billion ($10.9 million) in the process, NIBSS said. Most attempts are by manipulating victims to give up sensitive personal information. At the core of this problem, which considers poor cybersecurity practices, is regulation. Although NITDA occasionally steps in to sanction erring businesses, it has not changed the behaviour of companies who treat data protection as an afterthought, and there is little assurance that the proposed Nigeria Data Protection Commission will be able to change that space. Despite the perception held by many Africans that cyber risks primarily affect Western countries, incidents like these serve as a reminder that cybersecurity threats are just as relevant for African governments and individuals. There are fewer recovery mechanisms and redundancies built into cyberspace in Africa; hence, an attack on one part usually leaves many of the users stranded, with losses they cannot afford. It is, therefore, crucial for governments and businesses to make the necessary investments in protecting cyberspace while being careful not to impinge on the cyber rights of citizens in the process. As the world converges increasingly into the digital space and more Africans get included, this becomes even more crucial. Public and private institutions in Nigeria and other African countries must learn that cyberattacks are part and parcel of daily life going forward and must implement strategies and best practices to mitigate such risks. To fortify Nigeria’s prowess in the digital realm and bolster defence, the government must strengthen cybersecurity, invest in cybersecurity infrastructure and training for government bodies and private enterprises, collaborate with international partners globally and provide more economic opportunities for the vulnerable youth. Groups like the Black Axe gang are driven partly by Nigeria’s grim unemployment and poverty crisis. Many unemployed or underemployed youths perceive cybercrime as an opportunity for financial gain. Therefore, by implementing these initiatives, Nigeria’s government can thwart the mounting menace of cyberwarfare and cybercrime and simultaneously cultivate a more secure and prosperous future for the country.