Date: 2022-04-01

The Nigerian Communications Commission’s (NCC) Computer Security Incidents Response Team (CSIRT) for the telecoms sector has uncovered two new cyber threats, one targeting Windows platforms and the other a specific type of router.

The findings were made public earlier this week in two separate advisories issued by the cyberspace protection team.

The first cyber threat is the ‘Lokilocker’ ransomware, which can wipe data from any version of the Windows platform. It results in data loss and denial of service (DoS), lowering user productivity.

Lokilocker is a ransomware that encrypts user files and renders the compromised machine useless if the victim does not pay the requested ransom in time.

The NCC CSIRT made these statements in a press release: “To protect against infections by Lokilocker and similar ransomware, the best rule is to always have a backup copy of your data, which should be stored offline,” the advisory stated.

The ransomware hides its harmful activity by displaying a phony Windows Update page, terminating particular programs and services, and entirely disabling the affected system’s Task Manager, Windows Error Reporting, machine firewall, and Windows Defender.

Unfortunately, it features built-in mechanisms that inhibit data recovery by deleting backup files, shadow copies, and system restore points. It also updates original equipment manufacturer (OEM) information in the infiltrated system’s registry and overwrites the user login note.

In addition to the CSIRT’s remarks, all downloads and email attachments should be approached with caution, even if they come from reputable sources. “Users should also ensure their attachments are scanned with an up-to-date antimalware solution, before opening,” they added.

The second cyber threat uncovered by the NCC CSIRT is a botnet that targets MikroTik routers. Thousands of MikroTik routers that have been determined to be susceptible are being used to form one of the largest botnets in history, according to CSIRT.

The botnet leverages an already-known directory traversal vulnerability in the WinBox interface, which allows unauthenticated remote attackers to read arbitrary files and authenticated remote attackers to write arbitrary files. The previously exploited weakness allowed the attackers to enslave all of the routers and then rent them out as a service.

According to new research published by Avast, a cryptocurrency mining campaign taking advantage of the newly disrupted Glupteba botnet, as well as the infamous TrickBot malware, was found to have been distributed by the very same command-and-control (C2) server.

The C2 server functions as a botnet-as-a-service, which controls nearly 230,000 vulnerable MikroTik routers. The botnet, however, has been linked to what is now called the Meris botnet.

Authentication bypass, data loss, denial of service, remote code execution, password sniffing, and unauthorized access are among the threats emerging from the botnet. These put victims at risk of malware dissemination, bitcoin mining (which consumes more system resources), remote code execution, and data theft.

To stay safe from the botnet, NCC CSIRT advised users to update or apply the latest patches to their routers as soon as they become available, create strong router passwords, hide the router administration interface from the public, avoid illegitimate or cracked versions of legitimate applications, and use decent antivirus software with built-in web filtering.