Nigerian Businesses Face Growing Ransomware-as-a-Service Trade

11 months ago 46
News Banner

Looking for an Interim or Fractional CTO to support your business?

Read more

The globe with a map of Africa in the center, with a keyboard behind

Source: Pablo Lagarto via Alamy Stock Photo

Ransomware-as-a-service looks set to fuel an increase in attack in Nigeria, as a notable agency is named as a victim to the notorious malware.

Nigeria's National Cyber Threat Forecast 2024 from the Cyber Security Experts of Nigeria (CSEAN), a nonprofit championing cybersecurity awareness in Nigeria, reports that ransomware groups and variants — such as ALPHV, 0XXX Virus, DJVU, and the Cobalt Strike exploit toolkit — affected both public- and private-sector organizations in the African country in 2023. The resulting operational disruptions and recovery efforts cost billions of Nigerian naira, or millions of US dollars.

For example, one "notable regulatory agency" fell victim to the Mallox ransomware, "exploiting a Microsoft vulnerability in their public-facing digital systems," the study claimed, although there was no detail on which agency it was.

Ransomware-as-a-Service

Ransomware-as-a-service (RaaS) is a business model where ransomware developers sell or lease their variants to other cybercriminals, known as affiliates, who do the grunt work of planting malware by either exploiting software vulnerabilities or phishing.

RaaS allows would-be cybercriminals to launch sophisticated cyberattacks, according to the report. "Factors like the use of outdated or unpatched software and systems, reliance on cracked software, insufficient proactive monitoring, and unaddressed security vulnerabilities contributed to the success of these attacks," CSEAN noted. "The accessibility of ransomware-as-a-service and the success of previous campaigns suggest a persistent and growing threat."

Potential mitigations in the face of an increased threat of ransomware attacks include prompt patching, avoiding unauthorized software and rolling out stronger monitoring practices through intrusion detection systems.

"Adopting these proactive cybersecurity measures is essential to lessen the anticipated impact of the expected surge in ransomware attacks," according to CSEAN.

CSEAN is not the first cybersecurity organization to report that Nigeria has become a hub of ransomware attacks.

During the first half of 2023, Nigeria saw a 7% increase in ransomware attack attempts on individual and corporate users compared with the first half of 2022, according to a recent study by Kaspersky. Seventy-one percent of Nigerian organizations were hit by ransomware in 2021, up from 22% recorded a year earlier, Sophos reported.

Kim Wiles, senior project manager at Nominet, says that due to the nature of RaaS, there are no national boundaries and, in many cases, no limitations on who the threat actors can target.

"It's easy to scan the Internet and find potential victims," Wiles says. "Companies and countries that haven't kept their software and infrastructure up to date are always going to be more prone, and online government assets will continue to be vulnerable to common exploits."

AI-Powered Scams

Elsewhere, managed security service providers and security operations centers were targeted by malware variants like RedLine, Raccoon, and Lumba. These threats are likely to continue and escalate over the next 12 months, according to CSEAN.

Attackers are also abusing AI tools to create more effective attacks with the least possible effort. "This will manifest in more personalized phishing attacks, personalized malware, automated large-scale attacks, and sophisticated social engineering attacks," the CSEAN report claimed.

James McQuiggan, security awareness advocate at KnowBe4, says the advent of AI has ushered in an increased sophistication and volume of phishing attacks, partly because it automates the process of creating convincing scams.

"Generative AI also lowers the technical barrier to creating convincing profile pictures, impeccable text, and even malware," he says.

Addressing the complex cybersecurity challenges necessitates a "proactive and comprehensive approach" and a commitment to cybersecurity best practices, the report concluded. "Collaboration between public and private sectors, the adoption of updated computing resources, and a commitment to cybersecurity best practices are imperative."

Read Entire Article