Cyberattack, a malicious and deliberate attempt by an individual or organization to breach the information system of another individual or organization, is on the rise in Nigeria and the world at large.
When targeting businesses or organizations, the hacker’s goal is usually to access sensitive and valuable company resources, such as Intellectual Property (IP), customer data or financial details.
The Economic and Financial Crimes Commission (EFCC) reported that 80 per cent of the 978 convictions it secured as at September 2021 were based on cyber fraud. A report by Nigeria Inter Bank Settlement System (NIBSS) indicates that within nine months of 2020, fraudsters made 46,126 attempts to breach data based systems. Sadly, 41,979 of these were successful – representing 91 per cent of the time.
A Survey titled ‘The State of Ransomware 2022′, revealed that 71 per cent of Nigerian businesses were hit by ransomware attacks in 2021 and that the cost of remediation of these attacks for 44 per cent of the businesses was $3.43 million.
It has been reported that Africa lost $3.5 billion in 2017 to cybercrimes, the Nigerian portion of this sum was $645 million, by far the largest. A year later, it was reported that Nigeria lost $800 million (N288 billion) collectively to cyberattacks. More broadly, a 2019 report disclosed that Nigeria has lost on average N127 billion ($328,842,878 million) annually to cybercrimes in recent years.
Next to cybercrimes is financial crimes, which is described by the Executive Vice Chairman (EVC), Nigerian Communications Commission (NCC), Dr. Aminu Maida as “criminal activities that involve transactions, abuse, misuse, deception, or manipulation of financial systems for personal gain.”
Maida, who was represented at a forum by the NCC’s Director of Public Affairs, Reuben Muoka, posited that these crimes also include a wide range of offenses such as insider abuse, money laundering, terrorism financing, embezzlement and all kinds of fraud, he added.
While financial crimes do not only have a huge economic and social impact but can also be linked to violent crimes that lead to loss of lives, Maida posited that they also threaten the integrity, trustworthiness, stability, security, safety, and future of an entity such as a country, enterprise or an individual.
Combating financial crimes
With effective application of Information and Communication Technology (ICT) however, financial crimes can be tackled, Maida asserted.
The NCC boss further stated that to combat financial crimes, innovative solutions such as blockchain, instant payments, artificial intelligence, machine learning, data analytics, regulatory technology solutions, and automated procedures are being deployed, adding that the use of technological tools has made it significantly easier to deal with financial crime while building a long term strategy for combating it.
Maida told the audience at the forum, comprising representatives of the Independent Corrupt Practices and Other Related Offences Commission (ICPC), Nigerian Financial Intelligence Unit (NFIU), among other stakeholders, that the scope of financial crimes has broadened and created further concerns as a result of increasing adoption of digital technologies, the emergence of new technologies, and the often-transnational nature of the crimes.
The Nigeria’s chief telecom regulator said though, as ICT systems get more complex, so do cybercriminal activities, just as criminal actors take advantage of the inherent and emerging flaws identified in the ICT systems exploiting these flaws and causing harm, the same technology has to be positioned to track movement of illicit movement of funds in and out of the country.
“Nigeria‘s telecoms sector has grown significantly, resulting in massive amounts of data being generated on a daily basis, the advent of advanced data analytics and Artificial Intelligence (AI) provides a gateway to identify suspicious digital patterns indicative of crime. Through partnerships with financial institutions data can be filtered to identify these suspicious patterns and nip them in the bud. These technologies provide real-time transaction monitoring, allowing for a proactive approach to crime prevention” Maida said.
Meanwhile, Maida stated that, aside ensuring increased access to telecommunications services, the Commission has established the Computer Security Incident Response Team (CSIRT), a group of experts in the Commission to handles security incidents that can affect the operations of organisations and individuals; incorporated biometric authentication in the use of telecom services and financial transactions on telecom carriers with strict enforcement of compliance by the licensees; as well as enabling digital forensics, among others.
So far, the CSIRT has over the years has rolled out some advisories as cyber threat actors continue to devise means of compromising their targets. One of the latest of such advisories urged users to be mindful after attackers use Microsoft OneNote attachments in phishing emails that infect victims with remote access malware, which may allow hackers to remotely access vital information on victims’ devices.
The Team had advised users not open files from people they do not know, not to click ‘OK’ and immediately exit the application if they receive a warning that opening an attachment or link can damage their computer or files and to promptly share an unknown email they believe to be genuine with a security or Windows administrator to assist in determining whether the file is secure.
They had also recently advised people not to open attachments in suspicious emails and to only purchase or download applications from official websites in response to the discovery of phishing malware that can gain unauthorized access to sensitive user data and download further malware.
The team also issued warning to Nigerians on cybersecurity analysts at South Korea’s cybersecurity emergency response centre, discovered a NetSupport RAT malware being distributed by threat actors from a phishing website disguised as a popular Pokemon card game.
“The malware is a remote access tool that easily controls its victims’ Personal Computers and may allow the attackers to remotely control the compromised computer’s mouse and keyboard, access the system’s file management and history and even execute commands allowing them to install additional malware,” they stated.
In addition to the need for public education and understanding of internet safety, which are important in limiting the risks linked with the spread of criminality via technology, Maida emphasized the need for increased collaboration and international cooperation to effectively tackle financial crime.
“Also, continued investment in ICT solutions, as well as a multidisciplinary and multi-stakeholder strategy, combining technology specialists, legal professionals, and legislators, as a critical approach in keeping up with emerging criminal methods,” he said.