TOP THREE COUNTRIES EXPOSED TO CYBERCRIME AND ONE IS AN AFRICAN COUNTRY

An International expert has listed Namibia as on the top three countries exposed to malware and cyber-crimes due to lack of communication and coordination policy on dealing with cyber related issues.

 Malware is a software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

Antony Ming an international cyber security expert with vast experience spanning over 25 years in the industry, revealed that African countries in general and Namibia in particular remain the most exposed to malware because of an availability of skills as well as lack of knowledge sharing on cybercrimes.

The laxity in dealing with malware in Namibia and other African countries has potential to expose sensitive systems and institutions to the ugly practice of hacking and stealing of personal data by those in the trade.

 Ming told delegates attending the Commonwealth Cyber Security Workshop in Windhoek last week that Namibia is ranked third on the countries that are highly exposed to malware in Africa.

He said 2.9 percent of the malware associated crimes occur in Namibia highly exposing institutions such as banks,

Ming said the Namibia and many African countries are failing to tap on the knowledge exchange as well as government agencies, and parastatals to possible hacking because of a failure at policy level to share information on how best to combat the challenge.

The Asian expert added that while Namibia and other countries have brilliant tertiary institutions with ability to assist in the challenges associated with malware in government and key institutions little or nothing is done to tap on the available knowledge.

“In the case of Namibia, I would say you have the best opportunity to fight this using the Namibia University of Science and Technology. This is a perfect opportunity for government and corporates to tap into the skills produced by NUST to assist in fighting this challenge. You could also work with other institutions like Interpol because they have a database of the new tricks that are being used by cyber criminals and hackers,” he said.

Ming also added that Africa’s situation, which is highly relaxed in terms of dealing with malware, is also exacerbated by the unavailability of a centralised communication and investigation point dealing with the challenge.

“In Namibia, you would find that if a large company is hacked or experiences this challenge they would not say this to the government or institutions and in most cases this is because of fear of criticism. This creates a lack of communication between stakeholders in dealing with malware as a collective,” he said.

Experts chart focus for cyber security in 2019

Cyber security experts in the country Nigeria  have urged organisations to focus on increased awareness as well as creating a world class capacity development and training for their key personnel in charge of protecting their critical information.

This is against the backdrop of several reports pointing at increase in cyber- attacks this year.According to William Makatiani, managing director, Serianu, “cybersecurity is a relatively new field in Africa. And for the longest time, top multinational banks were the target for cyber-attacks and the biggest concerns for SMEs was physical security of their crown jewels. This means, SMEs did not see the business value of investing in cybersecurity controls since the risks for them were low. However, with the recent digitization, SMEs have opened up most of their channels and operations to the internet.

“This swift shift in operation models without investment in controls, lack of awareness and the mere fact that SMEs make up almost 80% of institutions in Africa has contributed to the high percentage of organisations operating below the poverty line.”He described security poverty line as the point below which an organisation cannot effectively protect itself against losses to cyber attackers.

“These organizations spend a maximum of USD 1,500 annually on cybersecurity technologies and services. Among characteristics of organisations operating below the cyber security poverty line include; lack of the minimum requirement for fending off an opportunistic adversary.

“Conduct substantial training and awareness activities both for corporates and general citizens. This will empower users with skills to identify cybercrime and take necessary steps to stop or contain the threat.” He added.Peter Obadare, chief operating officer, Digital Encode, said that major challenge organizations face in the fight against cybercriminal and cyber warfare is lack of trained manpower.

“I have been in cybersecurity ecosystem for many years now and have identified lack of trained manpower in most organizations. Cybersecurity is not a certificate that speaks for you, but a continuous training to be ahead of the smart criminals, most organisations find it difficult to continually update their IT security staff to be able to face cyber threats,” he said.

Ahmed Adesanya, IT Security and Connectivity consultant, added that National Information Technology Development Agency (NITDA) should come out with a framework that organizations must follow in order to secure their sensitive data which will also provide a coordinated approach to fighting cybercrime, especially, now that organizations have taken their businesses to the cloud.

West African banks hit by multiple hacking waves last year

Banks and financial institutions in West Africa have been hit by four different hacking campaigns last year, according to a report published today by US cyber-security giant Symantec.


Organizations in Cameroon, Congo (DR), Equatorial Guinea, Ghana, and the Ivory Coast have been hit, Symantec said today.

The attacks, which haven't yet been attributed to any hacking group, in particular, have used low-end malware strains and applications natively found on Windows systems (a tactic known as "living off the land").

The malware used in these attacks is the kind you find shared for free online, or anyone can buy via dedicated websites or from hacking forums.

The list includes Cobalt Strike (a pen-testing framework repurposed as a modular backdoor), Mimikatz (a pen-testing tool repurposed as a password stealer), and the NanoCore, Imminent Monitor, and Remote Manipulator System, all three being remote access trojans (RATs).

On top of these, Symantec says that hackers also used local tools such as PowerShell (a native Windows scripting utility), PsExec (a Microsoft Sysinternals tool used for executing processes on networked systems), and Windows RDP (a native Windows utility for connecting to remote Windows systems via a desktop-like interface). Attackers also deployed UltraVNC, an open-source remote administration tool that some companies' system administrators install so they can connect and manage remote systems, a-la TeamViewer, PsExec, or RDP.

Below is a summary of the four different hacking campaigns that Symantec saw aimed at West African banks and financial institutions last year. The company isn't yet sure if they've been carried out by the same group, or not.

While some readers might be surprised by the focus on attacking African banks, this is, actually, a trend that many industry experts saw coming.

Over the past two years, there have been concerted efforts from different hacking crews, some of Russian and some of North Korean origin, that have focused on banks and financial institutions located in South East Asia, Eastern Europe, and South America.

Experts from multiple cyber-security firms pointed out that the reasons banks are targeted in these regions are because there's a high chance that not all invested in their IT infrastructure and cyber-security measures. A poorly designed and unsupervised network makes attacks easier to carry out and hacks easier to hide for long periods of time, compared to an attack aimed at banks located in Western Europe or North America.

Lacking from reports from the past years was Africa, which surprisingly hasn't been targeted until now, according to Symantec.

Unfortunately, the African financial sector's period of calm appears to be over.