Welcome to the Private & Property Law Department Blog

Supreme Court Complex,

3 Arms Zone, Central Business District, Abuja

8:00 AM - 4:00 PM

Monday to Friday

CYBER SECURITY IN THE AGE OF COVID-19 PANDEMIC

CYBER SECURITY IN THE AGE OF COVID-19 PANDEMIC

Gloria Kanwulia Adeola-ADEDIPE
She is a Research Fellow at the Nigerian Institute of Advanced Legal Studies. Her Research interest are in Data Protection and Cyber Security Law.
gloriadipea@gmail.com

 

Information and Communications Technology (ICT) have become such a big part of our lives that it is unimaginable to function without technology. Smartphones, laptops, and computers are now an integral part of modern life. Simply put, cyber security refers to a collection of technologies, processes, structures, and procedures for safeguarding networks, computers, programs, and data generally against unsolicited access. Cyber security vulnerabilities can lead to financial or reputational loss. Cyber security must be taken seriously by organizations because once this is compromised, cybercriminals will engage in identity theft and use a unique encryption key to encrypt available customer data, thereby making it unavailable and inaccessible by the victimized organization until a ransom is paid. If no ransom is paid, the perpetrator will intentionally remove the encryption key to occasion data loss. Cybercriminals use vital encryption keys that cracking the keys may cause more economic damage. Cyber security has never been more critical than now. The devices and internet services we use can pose real threats of being used as tools in the hands of criminals online. The primary function of cyber security is to safeguard these devices and internet connections from theft or damage. There is an apparent need to prevent unauthorized access to personal information, whether they are stored offline or online.

With the increasing rate of online shopping, banking, and social media interactions, it is imperative to take appropriate technical measures to prevent opportunists and cyber perpetrators from trespassing with personal information through unauthorized access to devices. A recent survey by IT security professionals worldwide revealed an increase in cyber-attacks since the covid-19 pandemic- data exfiltration and leakage, including unauthorized removal or transfer of data from a device by a perpetrator or malware. Organizations also recorded phishing emails.• COVID-19: increase in cyber attacks 2021 | Statista. Phishing, a term associated with email fraud, is the most prominent form of cyber-attacks today. Victims are deceived by fake email correspondence directing them to fraudulent sites where personal information is captured from masqueraded forms. They are prompted to fill out or login pages to commit online fraud or identity theft Phishing – statistics & facts | Statista.

A cyber security breach occurs when people gain unauthorized access to data and systems. This could be medical/health information, credit card details/customer data, especially from the retail sector, or even a mailing list. Any data in the wrong hands can pose real damage. For example, a stolen hard drive containing personal data or when individuals hack into systems or a carelessly unsecured internet can endanger cyber security How to reduce data breach and cyber security risk (pinsentmasons.com) Digital vulnerability can also occur from poor user practices and lack of cyber security training. Individuals and businesses are advised to password and use further encryption methods to secure personal information.

As covid19 spread globally, tech-driven threats also increased. There have been reports of scams impersonating public authorities such as the World Health Organisation (WHO), the UK’s National Health Service (NHS), communication technology providers, supermarkets, airlines, and retail stores, targeting support platforms conducting personal protection equipment (PPE) fraud and offering covid cures. These scams were targeted against the general public and individuals working from home. Increase in the number of people working from home also raised the level of cyber security concerns and challenges to a degree never recorded before the pandemic 2006.11929.pdf (arxiv.org)

Cyber-attacks also targeted critical infrastructure such as health care services. The National Cyber Security Centre of the UK, the US Department of Homeland Security, and Cyber Security and Infrastructure Security Agency (CISA) published a joint advisory on how cyber-perpetrators and advanced persistent threat (APT) groups exploited the covid pandemic. The advisory also discussed issues relating to phishing, malware and the compromise of Microsoft and Zoom as the number of communications on these platforms increased.

Malware, another form of cybercrime, involves using malicious software to disrupt services, extract data, and several other cyber-attacks. Email messages are often used during phishing attacks; occasionally, SMS or WhatsApp messages may be used by perpetrators to convince users to perform certain actions under the guise that they are dealing with a legitimate individual. On the other hand, Denial of Service (DoS) attacks system availability and work by flooding essential services with illegitimate requests to consume the bandwidth used for legitimate server requests, thereby forcing such servers offline.

In the UK for example, the extent of covid19 cybersecurity-related problems was quite exceptional. By early May 2020, complainants reported more than 160,000 ‘suspect’ emails to the UK’s National Cyber Security Centre. By the end of the month, 4.6m pounds had been lost to covid related scams, which necessitated the take-down 471 fake online shops.

Phishing is said to be the most common form of cyber-attack globally because phishing attempts are less costly with high success rates. During the covid pandemic, perpetrators impersonated the WHO, NHS, and other organizations. For example; in one of the poorly typed emails impersonating the WHO, perpetrators attached a zip file claiming it contained an e-book on helpful information regarding covid. It reads: ”the complete research/origin of the coronavirus and the recommended guide to follow to protect yourselves and others.” It further reads: ”you are now receiving this email because your life counts as everyone’s lives count.” Perpetrators used the branding of the WHO posing as helpful with legitimate guidance appealing to people’s emotions whilst crafting their attack email. Another website was discovered which contained malware presenting the John Hopkins university’s covid-19 dashboard.

In order to increase the success rate of phishing attacks, cyber-criminals now engage in registration of several websites with the word ‘covid’ and ‘coronavirus’ because such websites are more likely to be believed and easily accessed by unsuspecting users, especially where the WHO or Center for Disease Control and Prevention (CDC) branding are added. The website domains of covid related goods in high demand such as Personal Protection Equipment (PPE) and drugs were also targeted.

Communications platforms- Zoom, Microsoft, and Google also had their share of impersonation through emails and domain names as more people interacted on these platforms. The number of scams and malware attacks skyrocketed since the outbreak of covid19. Phishing attacks for example were reported to have increased by 600% in March 2020 Phishing – statistics & facts | Statista.

In Nigeria, the Cybercrimes (Prohibition, Prevention, Etc) Act, 2015 ensures the protection of critical national information infrastructure and promotes cyber security as well as the protection of computer systems and networks, electronic communications, data, and computer programs, intellectual property, and privacy rights. Under the Act, any person who engages in computer phishing or spamming with intent to disrupt the operations of a computer or engages in malicious or deliberate spread of viruses or any malware thereby causing damage to critical national information infrastructure or computers shall be guilty of an offense and liable upon conviction to 3 years imprisonment or a fine of N 1,000,000.00 or both CyberCrime__Prohibition_Prevention_etc__Act__2015.pdf (cert.gov.ng)

Sadly, most businesses in Nigeria do not have the requisite technical defenses to combat cyber-attacks. They are even less aware of risks and lack resources for adequate cyber-security measures The Most Serious Cyber Security Threats Facing Businesses in Nigeria and How to Mitigate Them – Olisa Agbakoba Legal (OAL) Cyber-criminals frequently target SMEs in Nigeria because of their poor level of cyber security preparedness. Only a few businesses in Nigeria can boast of a dedicated IT security expert as a staff member, thereby making them more vulnerable to cyber-attacks. Notably, cyber perpetrators are not usually interested in the size of an organization but their financial strength or the volume of customer data they process. Phishing attacks are the most prevalent and dangerous threat to businesses in Nigeria. Such attacks occur whenever a cybercriminal poses as a legitimate entity persuading victims to click on a malicious link or request disclosure of personal data, bank details, or other information that will subsequently be used for fraud. On the other hand, Malware involves a range of cyber threats, including trojans and viruses to either gain access to networks, steal/destroy data, or cripple devices.

The Nigerian Communications Commission (NCC) recently alerted telecom consumers of a new, high-risk and extremely damaging malware called Flubot which targets Androids with fake security updates and App installations; impersonating Android mobile banking applications to draw fake web view on targeted applications. Its goal transcends stealing personal data and essentially targets credit card details or online banking credentials. Flubit malware is said to be circulated through SMS posing as FedEx, DHL, Correos, and Chrome applications and it can snoop on incoming notifications, initiate calls, read or write SMS, and transmit the victim’s contact list to its control centre NCC alerts Nigerians on “Flubot” malware, lists measures to guard against attack | The Guardian Nigeria News – Nigeria and World News — Technology — The Guardian Nigeria News – Nigeria and World News

A low level of cyber security training could be the reason for several cyber-attacks. Everyone must be alert and have good Security Awareness Training in order to be able to recognize and abort cyber-attacks. Do not click on suspicious links. Organizations are also advised to put technical measures in place to prevent cyber-attacks. Use updated antivirus software that detects and prevents malware. Use strong passwords and enable Two-Factor or multiple-factor authentication over logins. Having an effective Endpoint Protection on all devices will also deter perpetrators. Businesses should ensure that they take cyber security awareness a priority for all staff. A good way to prevent data loss or Ransomware attack is to adopt a trusted cloud backup solution regularly.

Share:

Add your Comment