The coronavirus pandemic has led to different domestic and cyber challenges. Aside not having the freedom to move about, millions of Nigerians who are observing the lockdown rules are being knocked down further by cybercriminals. According to data from Atlas VPN, hackers attacked businesses more than 22 million times last week worldwide.
The data showed that over 63% of these hacking attempts were malware attacks. Malware is a type of software that tends to either steal your files or encrypt them and render them useless until a password is entered that will decrypt your data. Hackers demand a ransom in order for you to retrieve the password, hence the commonly used name ransomware.
However, the most popular scenarios are phishing and command and control (C&C) attacks. Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by pretending to be a trusted figure such as a bank, your colleague or even regulatory authority. C&C attempts to take over control of your system and then steal or delete your data. This can also be used as a part of a phishing scam or a way to infect the network with malware.
Atlas VPN has extracted and organized the data acquired from a cybersecurity giant Akamai, that provides real-time data on cyber-attacks that their corporate customers are under. The company catches a significant amount of attacks globally since it is one of the largest distributed computing platforms in the world. It serves between 15%-30% of web traffic globally.
On average, there were 3.26 million cyber-attacks daily in April. From the chart, a total of 3.6 million attacks were carried on April 15 and most of these cyber-attacks were malware. This is because malware is usually the easiest way to infiltrate companies’ networks, steal and freeze data and demand a ransom. On average, there were 2,070,297 malware attacks per day last week. Malware attacks comprised 63% of the total attacks.
The figures keep increasing because of increased internet usage. Besides, more people are working from home due to coronavirus pandemic. Now cybercriminals and hackers are taking bad advantage of the lockdown to pummel millions of people who are staying indoors to avoid the spread of COVID-19. This is not limited to America, Australia, Mexico, Europe and Asia. It is happening in Africa, specifically, Nigeria.
After the states and the federal government announced stimulus packages for Nigerians and during the weeks under review, cybercriminals and hackers having been sending spurious messages to various chat groups on WhatsApp. There is only one goal: to phish for data using malware and C&C attacks and steal their financial data. Once this is done, these criminals would get access to the bank accounts of unsuspecting Nigerians and fleece them.
Of all the counterfeit messages sent to Nigerians, the particular one that caught my attention the most is this one: FG Lockdown Funds. The message urged innocent Nigerians to claim “free N5, 000 lockdown funds for their sustenance during this lockdown”. The phishing line reads that the “FG has started giving out free N5, 000 to sustain and support citizens during the lockdown period.
Then, to whet their appetite of some helpless and hapless Nigerians into taking action, it stated that, “I just claimed mine now and you too can claim yours. You are only eligible to be credited once”. But to be credited, there is a caveat. “Click below to claim yours instantly. https://bit.ly/free-N5,000. It’s available for just a few people so claim yours now! End of message. There are other such messages targeted at hapless Nigerians who are unfortunate. Nigerians who may have followed the above advise just because they have no means of survival would regret their actions. These Nigerians are among the millions of people cybercriminals and hackers defrauded last week. But that is not the end.
For as long as the pandemic lasts, the cybercriminals and hacker would be on the prowl. The simple antidote to phishing and malware is to be aware of the activities of the criminals and ignore their message. Do not click on any link if you are not sure of the source. If the message is too good to be true as the above message, check with a friend or call me.
Anyway, there will be a steady rise in credential stuffing attacks, according to experts. That is because criminals supplement existing stolen credential data through phishing and then one way they make money is by hijacking accounts or reselling the lists they have created. The cyber-criminals target the financial services organizations such as banks, investment houses and their consumers. That is where you are involved.
It is established that cybercriminals do not walk into a bank to steal. They usually get access to a bank’s vault through the weakest link: the customers, or web applications and availability. It is good you know. Please do not click on any link if you are not sure. At this period when health institutions and governments are looking for a lasting solution to end the coronavirus pandemic when people are restless and their resources are dwindling, defrauding them now or anytime is sheer criminal.