Nigeria’s internet police alerts of account takeover spike by cyber criminals

Nigeria has recorded incidents of account takeovers by cybercriminal targeting systems and mobile networks that have been graded “high risk” because of the enormous potential for harm to their victims, the nation’s internet police under the National Security Adviser has alerted.

This comes just as the internet police says Nigerians should raise the security threshold of their passwords after a global study reveals that the top three passwords discovered among users “will take a moderately-skilled hacker less than a second to compromise.    

The Nigeria Computer Emergency Response Team (ngCERT) says in an advisory seen by Technology Times that a series of Account Takeover (ATO) incidents reported to the internet police unit under the NSA’s office targetting systems networks, mobile networks and telephones have been escalated because they affect individuals and organisations and their “potential for harm is enormous.”

“A series of Account Takeover (ATO) incidents have been reported to Nigeria’s ngCERT. An ATO attack occurs when cybercriminals gain access to a user’s credentials in order to compromise the user’s account. This poses numerous risks to the individual and the organisation that he or she represents, as it provides a breeding ground for future attacks for cybercriminals. They frequently change the user credentials once inside, effectively locking the user out,” according to ngCERT.

The Nigerian internet police say: “The implications for ATO are numerous. If cybercriminals gain access to one’s banking apps, they can use it to transfer money from one’s account. If an employee’s account is compromised, it can also be used to phish within an organization. Furthermore, it can be used to steal sensitive information from the organization or insert malware into the network. The potential for harm is enormous.”

Cybercriminals on the prowl have devised a number of methods for obtaining user credentials that have damaging potentials for affected individuals and organisations, ngCERT, which explains four of the four methods used warns.

One of the methods called phishing, according to the internet police, “is the practice of sending malicious emails to targets in order to trick them into disclosing sensitive information such as login credentials.”

Another happens through malware which cybercriminals use “by infecting a target device with malware such as a key logger, spyware, or banking Trojan, cybercriminals can gain access to user credentials and use them to take over a user’s account.”

“A series of Account Takeover (ATO) incidents have been reported to Nigeria’s ngCERT. An ATO attack occurs when cybercriminals gain access to a user’s credentials in order to compromise the user’s account. This poses numerous risks to the individual and the organisation that he or she represents, as it provides a breeding ground for future attacks for cybercriminals.”

ngCERT.

They also use brute-force attacks: A method of trial and error in which an automated script is used to guess multiple passwords against an account in the hopes of eventually finding one that works.

The fourth method called credential stuffing occurs “when usernames and passwords are leaked in a data breach, cybercriminals will attempt to gain unauthorised access to other accounts with the same username by using the leaked password because most people use the same password across multiple accounts.

Account Takeover: How to check falling victim

Nigeria’s ngCERT advises technology users in the country to mitigate risks of falling victim to account takeovers otherwise known as ATO by adopting the underlisted measures:

1. Apply rules of password complexity when creating passwords; also, use different passwords for different accounts. The usage of a password manager simplifies this process.
2. Change passwords periodically.
3. Enable Multi-factor authentication (MFA) on all accounts.
4. Install effective anti-malware solutions on all devices; ensure they are always up-to-date.
5. Keep abreast of phishing techniques and take preventative measures.

Nigeria’s ngCERT was set up to achieve a safe, secure, and resilient cyberspace in Nigeria that provides opportunities for national prosperity, the internet police says.

“ngCERT,” the team’s website says, “is established to prepare, protect, and secure the Nigerian cyberspace in anticipation of attacks, problems, or events. ngCERT is saddled with the responsibility of reducing the volume of future incidents.”

In a related development, ngCERT says that Nigerians just like their counterparts across the world do not adhere to password hygiene rules after a study by Nordpass and a group of independent researchers revealed the 200 most common passwords in 2022.

Nordpass and independent researchers who specialize in cybersecurity incidents,” ngCERT says, “combed through a 3TB database to compile the list of passwords. The researchers had to divide the data into several verticals in order to conduct a statistical analysis focused on countries and gender.”

The study reveals that the top three most commonly used passwords in Nigeria are 123456, 1982, and 12345678 – “all of which will take a moderately-skilled hacker less than a second to compromise,” ngCERT says.

“A weak password,” ngCERT warns, “makes it easier for an attacker to gain access to one’s account. For example, if an attacker gains access to a person’s banking app, the attacker can steal money from the account. If it’s their social media account, the attacker can impersonate them and ask their contacts for money, or even lock them out of the account by changing the email address or password. If the attacker gains access to the victim’s email account, he or she will have access to personal information. If the compromised account is linked to a work account, it can be used to phish coworkers or even launch a business email compromise (BEC) attack.”

To address issues of weak passwords, users are advised to take the following steps:

1. Creating a password that’s long, complex, and unpredictable. This means the password should be at least 12 characters long, be a combination of letters (both uppercase and lowercase), numbers and special characters (symbols), and something that’s not easily guessed.
2. The same password should not be reused across accounts; so if you’re using a particular password for your Facebook account, make sure you use a different one for your banking application because once one account becomes compromised it means the attacker cannot use the same password to compromise your other accounts.
3. Change passwords periodically.
4. To simplify the processes above, use a password manager.

Nigeria: Top 10 Most Common Passwords of Year 2019-2021

                                                                                                                                                                                                                              Source: Nordpass.