• Sunday, November 24, 2024
BusinessDay

Cybersecurity attacks: hackers are getting smarter; so must you

Last week, Nigerian newspapers reported a recently released cybersecurity threat report by the Zscaler ThreatLabz research team. ThreatLabz is the embedded research arm of Zscaler, the American software-as-a-service cybersecurity company.

The key takeaways from the report include the fact that cybersecurity threats are on the increase: “A 29% rise in banking malware attacks…and 111% increase in mobile spyware incidents.” Other important revelations are that Nigeria is among the top nations targeted by hackers and that over 200 apps regularly downloaded on the Google Play Store by Nigerians are malicious. Google has, however, given assurances that it has taken down those apps.

Some of the reasons for this upsurge, according to the quoted report, are the “profitability of cyberattacks” and the ease of “bypassing multi-factor authentication (MFA)” by cyber attackers. For instance, fraudsters stole circa N18 billion from Nigerian banks in 2023, the Nigeria Inter-Bank Settlement System’s yearly report showed. Individuals and organisations remain at risk of these cyberattacks and both must devise ways to stay ahead of the attackers.

In light of this report and the increasing sophistication of cyberattacks, I have highlighted some common attack types by cyber fraudsters and ways to avoid falling victim. While some of these methods, like phishing, are old, advances in technology have led to newer hacking techniques that you may not have heard of.

Trojan Horse

If you are a student of literature, then you probably already guessed what a Trojan Horse is or does. In Greek mythology, it was a large wooden horse presented by the Greeks as a gift to the people of Troy, supposedly in good faith to signal the end of the Trojan War. In the hollow of the horse were hidden Greek soldiers. The unsuspecting people of Troy accepted the gift and wheeled it into their impregnable city. The Greeks had tried for years unsuccessfully to breach the city of Troy and conquer its people until they devised the Trojan Horse.

At night, the Greek soldiers hidden inside the horse slipped out and opened the city’s gates to admit the Greek army. The Greeks won the war. The malicious programme called the Trojan Horse works in a similar fashion to the Greeks’ Trojan. It comes disguised as a legitimate programme to infiltrate your otherwise impregnable system. To avoid the Troy mistake, never accept a Greek gift. You have to first verify and be sure of the source of a programme or application before you install or download it. You may also want to consider next-generation firewalls that are particularly effective in screening data packets.

Watering Hole Attack

This is a proxy attack by a hacker. The attacker’s plan to hack into an organisation’s system is executed through individuals in that organisation. Let’s take a financial services organisation as an example. Due to a multilayer cybersecurity protocol, the attacker may be unsuccessful in compromising the organisation’s system. So, he changes tactics by monitoring individuals in the company to know which sites they visit regularly. He then infects such websites and, through the individuals who visit them, infects the targeted organisation’s system. From there on, it’s smooth sailing for the hacker. To prevent this, a VPN can come in handy in masking your activities online.

Internet of Things (IoT) attacks

We live in a smart world today where household items and devices like your furniture, radio, TV, fans, air conditioning units, and even toys are becoming smart and seem to have a life of their own as they interact with people. Such Internet of Things devices are the targets of smart hackers to get to their victims. IoTs are usually overlooked when we think about antivirus or the security of our systems. Hackers have picked up on that and target computer systems through IoTs.

Hackers string these unprotected IoT devices together and suddenly your smart microwave, TV, speakers, cookers, camera, CCTV, and fans become “rebellious” and attack your systems, denying you service. Remember the Mirai Botnet? In 2016, it took just three teenagers to string together over 600,000 IoTs into bot armies that almost crippled the internet. One way to guard against IoT attacks is by using a guest network rather than your regular network for connectivity. Regular updates of IoT devices to patch vulnerabilities remain a smart idea.

Drive-by attack

Nobody buys a Rolls-Royce and leaves it out on the street where it can attract unwanted attention. Usually, such cars are locked up behind sophisticated and secure garage doors. An insecure website is the equivalent of buying a Rolls-Royce and leaving it carelessly on the street – you are asking for trouble. Hackers target such weak or unsecured websites and embed malicious code, thereby weaponising such websites against unsuspecting visitors. In a drive-by attack, visiting such sites is enough to compromise your system, hence the name. It’s akin to passing through Chernobyl, Ukraine, in the early 90s.

Man-in-the-Middle attacks

As the name suggests, there’s a third party right in the middle of your conversations and engagements online. Whatever you send to individual B also reaches individual C, who is unknown to both you and individual B. He is an eavesdropper. This usually happens where there are weak encryption protocols. The attacker can cost an individual or organisation huge financial losses, reputational damage, and brand erosion. The hacker can modify your message before it gets to individual B, and individual B will act on the modified message believing you sent it, and vice versa.

As much as possible, avoid free and public Wi-Fi networks; they are often a lodestone for such attacks. Strong passwords and multi-factor authentication are other ways to prevent an unwanted ear in the middle of your conversations.

Insider threat

The most dangerous attack, however, and one that is often difficult to protect against, is the insider threat. Insiders have a detailed understanding of an organisation’s cybersecurity architecture and they have direct access to systems, some even with admin privileges. All of that combines to make an insider threat difficult to curtail. Insiders have the knowledge, the time, and access to cause serious damage. Curtailing insider threats must start from the recruitment process. Adequate background checks and quality references must be a top priority for the HR unit. Integrity must be top of the pile of desired qualities for any hire.

Such checks will be the first line of defence for the organisation. Others will include restricting access to sensitive locations to only a few insiders, and only on a need-to-know basis. Then a multi-factor authentication protocol must be activated.

Other forms of cyberattacks are good old Phishing, Zero-Day Exploit, Social Engineering, Password Attack, Birthday Attack, Structured Query Language (SQL) injection attack, Cryptojacking, Session Hijacking, Uniform Resource Locator (URL) Interpretation, and Adware, among many others.

With the increasing sophistication and rate of cyberattacks, it is incumbent on you and me to be more circumspect in our activities and engagements online to save ourselves and our organisations from losing money and our reputation to cyber fraudsters.
