Businesses and individuals in Nigeria have been advised to prepare against cyberattacks this year as the threats from cyberspace are bound to increase. According to the Cyber Security Experts Association of Nigeria (CSEAN), year 2022 is expected to witness an escalation in cyberattacks and cybercrime from what was witnessed in 2021. Presenting the 2022 Nigeria Cybersecurity Threat Landscape, CSEAN President, Mr. Remi Afon, said the insight is based on cybersecurity trends in Nigeria and around the world, coupled with insights from leaders and global experts who assess the evolving cyber environment and the current security threats.
“From Ransomware and Business Email Compromise (BEC) scams to deepfakes, these predictions are based on existing trends while incorporating the behaviour of cybercriminals and changing technological innovations,” he said. Afon noted that year 2021 witnessed unprecedented ransomware attacks with the rise of Ransomware-as-a-Service (RaaS) groups on the Darkweb. He said the average amount of reported ransomware transactions per month in 2021 was $102.3 million, according to FinCEN report. This brought the estimated total losses to ransomeware for the year to $1.2 billion.
“Approximately 37 per cent of global organisations said they were victims of some form of a ransomware attack in 2021, according to IDC’s 2021 ransomware study. “In 2022, the ransomware threat and level of severity of ransomware attacks will grow. “With ransomware becoming the new digital pandemic, we expect to see the highest reported ransom paid by organisations in 2022 and disruption of service with maximum impact in terms of financial loss. “The loss would not only be calculated based on ransom paid, but in terms of financial losses due to service unavailability, loss of market share, and a drop in stakeholder confidence, amongst other factors,” the CSEAN president said. Meanwhile, as the 2023 Nigeria general election draws nearer, CSEAN said the use of deepfakes and fake news would rise in 2022.
Deepfakes are videos, images, or audio recordings that are manipulated by AI technology. “In a deepfake, an individual can be presented as saying or doing something that didn’t happen. Deepfakes are typically used to slander targets, manipulate events, falsify statements or evidence and create scandals. “They’re made with artificial intelligence software that maps targeted people’s faces into scenes and onto other people’s bodies, or otherwise manipulate parts of videos.
“The deepfakes threat has also been used to facilitate business email compromise (BEC) fraud, bypass Multi-Factor Authentication (MFA) protocols, and Know Your Customer (KYC) ID verification, and will be increasingly used in 2022 and beyond,” Afon explained. Giving further insights the CSEAN President said that the growth of cloud adoption through 2022 will coincide with the increase of cloud compromise and abuse.
“As organisations continue to rely on the cloud and cloud-hosted third-party providers, those third parties face mounting pressure to maintain confidentiality, integrity, and availability of customers’ data,” he said. He added that cloud security misconfiguration and supply chain attacks would rank among the top cyber threats in 2022. “In 2022, we can expect that cybercrime gangs will continue to seek ways to hijack the digital transformation of organisations to deploy malicious code, infiltrate networks, and gain persistence in systems all over the world,” he said. Afon added that insider threats would continue to pose a serious challenge for banks and other financial institutions in Nigeria this year. “Collusion between trusted insiders and cybercriminals will continue to increase in 2022. The majority of frauds in the banking sector were perpetrated through insider information leaks.
“Fake alerts, SIM swap scams, ATM card clones, use of ATM skimmers, and the likes, are highly successful when a bank insider is involved. “An insider threat is a malicious threat that comes from people within the organisation, such as employees, former employees, contractors, or business associates, who have privileged information concerning the organisation’s mode of operations and access to confidential information, which can assist cybercriminals to compromise the organisation or its customers,” he said. Citing a report by Abnormal Security in August 2021, a Nigeria-based ransomware gang was conducting a campaign that dangled a $1 million bribe, or a portion of any ransom collected to employees of targeted organisations if they will install ransomware on their corporate network.
“It is expected that this kind of baits will be taken by more insiders in 2022 as inflation and other economic ills make life tougher for the average Nigerian,” he said. While noting that the shift to remote work has moved from a temporary measure to help curb the spread of COVID-19 to a more permanent strategy for many businesses, Afon added that with the Omicron variant spreading globally, remote working would continue to be the preferred option for a very long time. He said cybercriminals would also continue to exploit this in 2022, adding that the attacks would come in form of phishing, man-in-the-middle attacks, malware attacks, and session hijacking.