Hackers wreck havoc on Nigerian businesses – Rake in over N60 billion in 2021

By ADEBAYO OBAJEMU

Companies in Nigeria are having nightmares over cyber attacks, which is increasing their cost operations. Deposit money banks, for instance, are spending huge sums on cyber security programmes to wade off such unwelcomed visitors.

According to reports, the country has lost over millions of dollar (N60 billion) to the pernicious activities of hackers in recent years. A bank’s IT manager, who craved anonymity, lamented that leaving office after the day’s work is usually with trepidation, as anything can happen over night.

“Whenever we are leaving office it is with great anxiety, because you resume the next day only to see your systems compromised and vital materials either corrupted and stolen. We are in a constant battle with them, and it seems they are winning, and this is costing banks hugely”, he said.

But the harm is not only limited to financial loss alone, there is whole question of compromising national security when hackers get hold of and break into sensitive data base as was the case recently when cyber criminals broke into NIMC server.

According to reports, over three million National Identity Numbers of Nigerians were stolen after a hacker known only as Sam broke into the server of the National Identity Management Company.

Revealing how easy it was for him to breach the NIMC server and access personal information of millions of Nigerians in an article he shared on infosecwriteups.com, the hacker boasted that he got access to “juice” on the Nigerian Government agency’s server and that he could go ahead to do whatever he desired with other sensitive data at his disposal.

Displaying a defaced National Identity card of a Nigerian alongside the article, the hacker said, “I’ve got one more output for s3 bucket, I casually tried to access it without any hope, and damn! The s3 bucket is full of juice.

“I just simply got access to their (Nigeria) data of internal files, users and everything they have. I can download everything, even the whole bucket. I am sure that the bucket is full of juice.

“I wanted to look at more files but as we have to follow bug bounty rules I stopped doing more. I’ve got one more s3 bucket with nuclei and it also contained about 4–5 gigs of data.

“I’ve rewarded 5250$ for only one report and 0$ for the second one even it contained so much sensitive data,” the hacker wrote in the article that has continued to generate reactions from some Nigerians on Twitter especially tech enthusiasts.

A user on the micro-blogging platform with the handle @isidags while reacting to the development said, “I’m shocked Nigerians are shocked.

“Seems you people don’t know the government and country you’re involved with.”
Another user known as @boluxxxx while commenting said, “Jokes aside, this is enough reason for Buhari to sack Pantami.”

Berating Nigeria’s weak cyber security, another Twitter user, @bespokeKENErd, said, “It was only a matter of time before this happened. Nigeria’s information security is ridiculously lax. So careless with sensitive data.”

The hacking of the NIMC server has not only exposed Nigeria’s weak cyber security but also highlighted the danger the country’s residents and investments were currently under.

The latest cyber attack comes less than two months after the Nigerian Communications Commission in November 2021 issued a warning that an Iranian hacking group was planning to carry out cyber espionage across Africa.

A statement from the agency had further disclosed that the hackers were targeting telecoms, Internet Service Providers, and Ministries of Foreign Affairs in Nigeria and other African countries.

The incident also came months after the President Muhammadu Buhari administration while mandating Nigerians to enroll for National Identification Number claimed that it was going to stop crimes in the country including those perpetrated via the Internet.

Speaking during the launch of the National Policy for the Promotion of Indigenous Content in Nigerian Telecoms Sector and Revised National Identity Policy for SIM Cards registration in May 2021, President Buhari said, “The NIN will cover one of the weaknesses in our security structure. We will be able to easily identify and know the personality of Nigerians.
We will identify people easily, including the crooks.”

Assuring Nigerians of how vital the new system would be to crime fighting in the country, Minister of Communications and Digital Economy, Isa Pantami, in June 2021, claimed that incidents of terror such as banditry and kidnapping in the country had significantly reduced as a result of the insistence by government for persons in Nigeria to register for NIN.

Pantami went further to say that the improved database will protect Nigerians more than ever before. But despite those assurances, the latest attack has exposed the failure of the President Buhari administration to protect Nigerians from cyber criminals.

About two weeks ago suspected Russian hackers started targeting Nigerian websites, with Bet9ja falling as their first victim. This comes after the United States said it had secretly removed malware from computer networks around the world in recent weeks, in its bid to pre-empt Russian cyber attacks.
The U.S said the move was necessary because of Russia’s plan to attack American critical infrastructure. It said the malware it removed enabled Russians to create ‘botnets’ — networks of private computers that are infected with malicious software and controlled by the G.R.U., the intelligence arm of the Russian military.

Bet9ja first announced that it was having issues with its website on last Wednesday on its verified Twitter handle. According to the company, its customers were not able to login into their accounts.

It said, “We are currently experiencing an issue with our website. This means you may not be able to log in.

“We take this matter very seriously and our IT team is working on it as their number one priority right now.”

However, on Thursday, the firm announced that it had become a victim of a cyber-attack. Bet9ja said, “The Bet9ja betting platform, just like so many market-leading global organisations, has recently become a victim of a sophisticated criminal cyber-attack, which is restricting our customers from having access to the platform.
“We are working tirelessly with our IT team, independent forensics, and cybercrime experts to resolve this, we take this matter extremely seriously. Our priority is protecting our customers and you have our assurances that your accounts will not be compromised, and all your funds are safe.

“We apologise for this situation and once back online, we will reward our loyal customers with a truly sensational bonanza of promotions.”
In a previous post, the firm added that its customer’s funds are secured.

According to the Founder, e86 Limited, OluGbengaOdeyemi, Bet9ja’s attack is likely to become commonplace with other companies if proactive steps are not taken.

He said, “Yes, we are likely to see more of that. The U.S government sent out a notice/warning about a week or two ago about impending attacks from Russia in response to the Russian invasion of Ukraine.

“Every organisation must beef up their security at this time. If there are things they have been cutting back on, now is the time to fix those things. For organisations that have always kept their infrastructure up to date, this will be a good time to have regular internal checks and thorough penetration testing done on their infrastructure.

“My hope is that organisations won’t find out about attacks on their infrastructure when it’s too late to salvage anything.”

Experts say cybercriminals have increased their attacks on Nigerian businesses, especially since 2021, exploiting business owners with ransomware, as 5,600 small and medium enterprises in 31 countries fell victim.

According to Global cybersecurity firm, Sophos, in its ‘State of Ransomware 2022’ report, cybercriminals attacked 71 percent of businesses last year through ransomware.

Ransomware is an extension of malware, used to paralyse the system of an organisation by cybercriminals who take possession of an organisation’s database, and place encryption key, to deny the company access.

In order for organisations to have access to the stolen files, they have to pay for the encryption key. And according to Sophos, 40 percent of companies in Nigeria caught in the web paid in exchange for the key despite having backup data.

It was gathered that the organisations prefer to recover the stolen database due to the cost and time needed to deploy the backup data. Sophos also stated that some business’s backup data might not be up to date.

BusinessHallmark learnt that organisations in the country suffer more cyberattacks than any other country in Africa. But these attacks go unreported despite a mandatory regulation for disclosure.

Cyber attacks in Nigeria are rarely disclosed, giving an ambience of safety. But in reality, Nigeria firms suffers some of the worst cyber attacks on the African continent.

According to a report by Sophos, a UK-based cybersecurity company, 86% of Nigerian organisations surveyed said they suffered cyber attacks in the last 12 months; the second-highest after India.

Importantly, the country ranked in the top five for major attacks including malware attacks, ransomware, stolen account credentials and crypto-jacking. 64% of cyber attacks in Nigeria exploited misconfigurations on the organisation’s server.

“Nigerian organisations suffered the most data leaks than any country surveyed in the report. 57% of Nigerian organisations said their public cloud data was exposed in the last year. Meanwhile, 46% of Nigerian organisations said their account credentials, the method hackers used to attack Twitter, were stolen in the last 12 months.”

While Sophos captured these types of attacks, other attacks such as brute force, email compromises, WhatsApp account hijacking among many others are also real threats.
On the one hand, Nigeria is not a high-value target for cyber attacks, at least not on the scale seen abroad. The relatively low value of the Nigerian currency has also forced more local threat actors to double down on international scams such as dating scams and business email compromise schemes.

In the last half of 2019, international anti-fraud efforts led to the arrest of over 100 Nigerian scammers and the disruption of over $100 million in fraudulent transactions.

Yet in Nigeria, the culture of secrecy is strong and makes it difficult to know domestic breaches happen. Organisations are less willing to disclose when and if these attacks happen.

In August 2019, Business Day reported that the Nigerian Yellow Card website was leaking data. The website housed sensitive health information for Nigerian air travellers who have been vaccinated against yellow fever. The government did not respond to the report.
In another incident in 2018, customer data for Arik Air, a Nigerian travel company, was found unsecured on an Amazon S3 bucket on the cloud. The unsecured link held three months of customer data and was discovered on September 6.

But it took 18 days for the company to acknowledge the leak after it was exposed. The data was secured after September 24 but Arik did not issue any statement regarding this development.

Speaking to BusinessHallmark a cybersecurity expert Abayomi Enitan explains that Nigerian organisations have sociological issues revolving around trust and cultural problems when it comes to disclosing cyber attacks.
He said “we Nigerians have trust issues.”

“There are security researchers who would find critical vulnerabilities or get access to company data and want to responsibly disclose it, but some organisations have not fully gotten the importance of crowd sourcing reporting.”

According to him when researchers discover such leaks, rather than address the exploits, some companies choose to intimidate the source and accuse them of malicious intent.
“I have seen cases where people have been arrested or had lawsuits against them for things [vulnerabilities] they’ve found on companies,” he disclosed .

Yet, disclosing attacks is good practice, he said, but many companies choose not to do so.
“[Some companies] may not want to go on-the-record about it because it could affect their investments, affect how customers perceive them, how people perceive the company going forward,” Enitan said.

He added that in some other cases if the breach was not high impact or critical, companies may not want to talk about it.
The Nigerian Cybercrime Act was signed into law in May 2015. This is the country’s first legislature that covers cybersecurity in the country. Its enforcement is the shared responsibility of the Attorney-General of the Federation and the National Security Adviser.

The Act created a National Computer Emergency Response Team (CERT) to manage cyberattacks. Section 21 of the Act mandates individuals and organisations to report cyberattacks when they happen:
Any Person or institution, who operates a computer system or a network, whether public or private, must immediately inform the National Computer Emergency Response Team (CERT) Coordination Center Of any attacks, intrusions and other disruptions liable to hinder the functioning of another computer system or network so that the National CERT Can take the necessary measures to tackle the issues.
But enforcement has been a problem, according to experts.