The Nigerian Communications Commission (NCC) has alerted Nigerians to a plan by a cybercrime group to deliver ransomware to targeted organisational networks.
The scheme, uncovered by security experts, has been categorised by the Nigerian Computer Emergency Response Team’s (ngCERT) advisory released at the weekend, as high-risk and critical.
NCC, in a statement by its Director of Public Affairs, Dr. Ike Adinde, yesterday, quoted the advisory, as saying that the criminal group has been mailing out USB thumb drives to many organisations in anticipation that recipients will plug them into their personal computers (PCs) and install the ransomware on their networks. While businesses are being targeted, criminals could soon begin sending infected USB drives to individuals.
Relying on data from CheckPoint Software Technologies, The Guardian had reported last week, how organisations in Nigeria, South Africa, Kenya and other part of Africa recorded the highest volume of cyber attacks in 2021, with an average of 1,615 weekly breaches.
Data from CheckPoint revealed that the 1,615 attacks represented a 15 per cent increase from 2020. In second place is Asia Pacific (APAC) with an average of 1,299 weekly attacks per organisation (20 per cent increase), followed by Latin America with an average of 1,117 attacks weekly (37 per cent increase), Europe with 665 (65 per cent increase) and North America with 497 (57 per cent increase).
Globally, it disclosed that 2021 recorded a record-breaking number of cyber attacks, with a 50 per cent increase in overall breaches per week on corporate networks compared to the year before.
Further, the NCC statement, describing how the cybercrime group runs the ransomware, informed that the ngCERT advisory said the USB drives contain so-called ‘BadUSB’ attacks. It said the bad USB exploits the USB standards’ versatility and allows an attacker to reprogramme a USB drive to emulate a keyboard to create keystrokes and commands on a computer. It then installs malware prior to the operating system booting, or spoofs a network card to redirect traffic.
According to the commission, numerous attack tools are also installed in the process that allow for exploitation of PCs, lateral movement across a network and installation of additional malware. The tools were used to deploy multiple ransomware strains, including BlackBatter and REvil.
To ngCERT, the attack has been seen in the United States where the USB drives were sent in the mail through the Postal Service and Parcel Service. One type contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning. Other malicious USBs were sent in the post with a gift card claiming to be from Amazon.
However, ngCERT has offered recommendations that will enable corporate and individual networks to mitigate the impact of this new cyber-attack and be protected from the ransomware.
These recommendations include a call on individuals and organisations not to insert USB drives from unknown sources, even if they’re addressed to you or your organization. In addition, if the USB drive comes from a company or a person one is not familiar with and trusts, it is recommended that one contacts the source to confirm they actually sent the USB drive.
Finally, ngCERT has advised Information and Communication Technology (ICT), as well as other Internet users to report any incident of system compromises to ngCERT via firstname.lastname@example.org, for technical assistance.