Bulwark Intelligence

Cyber Security

CURATED OSINT, CYBER SECURITY, INTELLIGENCE, Reports, SECURITY THREATS

Cyber security in Nigeria, are we exposed?

1. Attacks by Anonymous have exposed vulnerabilities in Nigeria’s cyberspace.

Nigeria fell prey to attacks known as hacktivism. Hacktivism is the act of using legal and/or illegal hacking tools in pursuit of political ends, free speech, and support for human rights and dignity. Those who perpetrate hacktivism are known as hacktivists. They are the modern-day equivalent of political protesters, expressing their frustration digitally. Anonymous is one of the most popular hacktivist groups in the world. The attacks that we saw on Nigerian government institutions, banking institutions and other organizations were carried out by hacktivists in support of the EndSARS protests that took place.

2. How exposed are we?

During the attacks against Nigerian targets in the EndSARS campaign, there were reported cases of doxxing (when a hacktivist group leaks confidential information of public figures) and DDoS attacks (where targeted computer systems are overloaded and company or organization websites are crashed). These included the release of confidential information of some Nigerian police personnel, the hacking of Twitter accounts of the Nigerian Broadcasting Commission, and the disruption of both the Central Bank of Nigeria website and the web version of the Nigerian Police Force website.

The bad news is that the cyber attacks exposed the vulnerabilities of a number of Nigerian entities and institutions, and these were exploited by attackers. The good news is that cyber security departments can begin to put the necessary measures in place to prevent a recurrence in the future.

3. Why so much exposure; what investments are needed to secure sensitive assets and how ready is govt to put money down?

Cyber attacks are inevitable in today’s connected world. The discussion around cyber security is not “if” we get attacked, but “when” we get attacked.

With this understanding, the government departments responsible for cyber security must take the necessary steps to improve their incident prevention, response, management and recovery processes. Some of these steps are not expensive; they simply require meticulous implementation and leave less room for error. For example, some targeted systems tend to have outdated software. Preventing such attacks in the future will require regular audits of monitoring systems, to ensure they are up to date and functioning as they should. Attackers often go after what they deem soft targets, so organizations must take steps to ensure they are not easy targets. Conducting tests to see where they are exposed or vulnerable, and then setting up adequate defenses, will be a step in the right direction.

CURATED OSINT

Cyber tops list of threats to US, Director of National Intelligence Says

By Jim Garamone  It’s a measure of the growth of cyber and America’s vulnerability to it that the cyber threat was at the top of the list of worldwide threats the director of national intelligence chose to highlight at a Senate Select Committee on Intelligence hearing today. Daniel Coats also covered Russia, China, Iran, North…

The post Cyber tops list of threats to US, Director of National Intelligence Says appeared first on Global Sentinel.

CURATED OSINT

NITDA warns MDAs on cyber security threats

  Babatunde Abiodun The National Information Technology Development Agency (NITDA) has warned Ministries, Departments and Agencies (MDAs), other government establishments, the organised private sector and the general public of potential cyber-attacks likely to be experienced this year as well as the precautionary measures to be taken. The Agency’s Computer Emergency Readiness and Response Team (CERRT),…

The post NITDA warns MDAs on cyber security threats appeared first on Global Sentinel.

CYBER SECURITY

Hey, October Is Cyber Security Awareness Month! Cyber Safety tips for Nigerians.

Introduction

The United States of America designates every October as “National Cyber Security Awareness Month” (NCAM). Initiated in 2004, the National Cyber Security Awareness Month is a collaboration between government (the U.S. Department of Homeland Security) and private industry (the National Cyber Security Alliance and other partners). The campaign is aimed at raising awareness about the importance of cyber security (safeguarding digital information) and at increasing resiliency in the event of an incident. The National Cyber Security Awareness Month campaign is a global call to action. Canada, Europe and other countries have joined the fray. Africa, especially Nigeria, must take a cue. The advent of the internet and social media has revolutionized virtually every facet of our daily life. Incidents of cyber attack, hacking and ransomware are commonplace.

Distance is Not A Barrier

The inherent danger in cyber attacks is that distance is NOT a barrier. A hacker in North Korea can wreak havoc in Nigeria from the comfort of his bedroom. In September 2017, Equifax Inc., a United States consumer credit reporting agency, said a huge cyber security breach compromised the personal information of as many as 143 million Americans, almost half the country. Cyber criminals accessed sensitive information, including names, social security numbers, birth dates, addresses, and the numbers of some driver’s licenses. The Washington Post reported in May 2017 how more than 150 countries were affected by a massive ransomware cyber attack. Schools, hospitals, vehicle manufacturing, telecommunications, banks, businesses and other establishments were affected. The malware deployed in this ransomware cyber attack is known as WanaCrypt0r 2.0, or WannaCry.

Also recall that in 2015, a multinational gang of cyber criminals dubbed “Carbanak” infiltrated more than 100 banks across 30 countries and stole upwards of one billion dollars over a period of roughly two years. Cyber criminals steal more than £47 million annually through ATM card cloning (skimming) in the United Kingdom. Nigeria’s Minister of Communications, Adebayo Shittu, says cyber crime costs Nigeria N 127 billion annually. A recent Kaspersky Cyber Security Index estimates that up to 40 percent of people still leave their devices unprotected from online threats. A cybersecurity special report suggests that ransomware will worsen due to the increasing penetration of, and inherent vulnerabilities in, the Internet of Things (IoT), medical devices, web cameras, IP phones, Internet Protocol (IP) CCTV cameras, DVRs, smart houses or smart cities, wearables such as smartwatches, public Wi-Fi, and the proliferation of mobile apps with malicious code, amongst others. Governments alone cannot curb cyber threats. All hands must be on deck! Be #CyberAware! This explains why the overall theme of the October 2017 cybersecurity awareness month is “Cybersecurity is a shared responsibility”.

Cyber Safety Tips

The United States Department of Homeland Security (DHS) encapsulates online safety best practices in a catchphrase: STOP. THINK. CONNECT. The first step is to STOP: ensure security measures are in place. THINK: about the far-reaching consequences of your actions and online activities. CONNECT: and enjoy your devices with more peace of mind. Take heed of the following cyber safety tips and habits:

1. Be vigilant against ransomware: Ransomware cyber attacks have become one of the biggest cyber security threats. Ransomware is coined from “ransom”, money demanded in return for a captured person or something valuable. Ransomware is malicious software remotely deployed by cyber criminals (cyber-extortionists) to encrypt valuable digital information and hold it “hostage” until a ransom is paid. A combination of the following tips will help prevent not just ransomware but other forms of cyber attack and data breach.

2. Use strong, unique passwords, pass-codes or touch ID features to lock your devices (or use a password manager): Research says more than half of Internet users choose the same password for everything they do online. Common passwords such as “123456”, “QWERTY” and “password”, among others, are easy to guess and compromise. Instead of these common passwords, try using a multi-word phrase or an easy-to-remember sentence (e.g. I am Passionate About Cyber security); incorporate numbers and special characters such as #@&^. Better still, use two-factor authentication or a password manager.

3. Protect your online identity and security on social media platforms: Social media and messaging platforms such as Twitter, Facebook, LinkedIn, Instagram and WhatsApp, amongst others, have become an intrinsic part of our daily lives. They help us communicate, network, and stay abreast of news and events. Your personal information (date of birth etc.), the games you like to play, your contacts list, your itinerary and your location are assets to cyber criminals. Be wary of who gets such data and which apps harvest such information.

4. Keep software, anti-virus and applications updated: A cyber security rule of thumb in securing your personal computer or smart device is keeping your operating system and all software and applications up to date. Software updates help patch vulnerabilities.

5. Secure your Wi-Fi (or use a VPN): When a Wi-Fi or hotspot connection is not secured properly (weak password), it can be an Achilles’ heel that hackers use to get in. If for some reason you have no choice but to use a public Wi-Fi network (hotspot), ensure you secure your connection by using a VPN (virtual private network). This will ensure your data is encrypted.

6. Should a suspicious process be detected on your computer or device, promptly turn off the Internet connection. This is particularly efficient during the early stage of a cyber attack because the ransomware won’t get the chance to launch a connection with its remote Command and Control server and thus cannot complete the encryption process.

7. Switch off unused wireless connections, such as Bluetooth or infrared ports. Cybercriminals can surreptitiously exploit Bluetooth to launch a cyberattack or compromise a computer or a mobile device.

8. Tor (The Onion Router) Internet Protocol (IP) addresses or gateways are usually the preferred route for ransomware to communicate with its Command and Control servers. Hence, blocking such IP addresses may impede malware from infiltrating.

9. When in doubt, throw it out: If an email, link, attachment, social media post, advertisement, picture or video look suspicious, even if you know the source,

CYBER SECURITY

22 Ransomware, Cyberattack Prevention Best Practices

A key rule of thumb is to ensure that very important files or documents are backed up on a regular basis. Backups are useful only if they’re created prior to a ransomware attack. Dedicated backup software such as Acronis’s True Image supports data recovery onto different hardware. Preferably, backups should be spread in such a way that the failure of any single point won’t lead to the irreversible loss of data. It is advisable to store one copy in the cloud, using storage facilities such as Microsoft’s OneDrive or Dropbox, and the other on offline physical storage such as a portable Hard Disk Drive (HDD). Ensure data access privileges and read/write permissions are set so that the files cannot be modified or erased, and check the integrity of your backup copies once in a while.

Ensure your Windows operating system is updated with Microsoft’s Security Bulletin MS17-010: Security Update for Microsoft Windows SMB Server (4013389), released in March 2017. Devices that were updated with the patch would have been automatically protected from WannaCry ransomware, but it is probable that many organizations and individuals may not have updated their systems or installed the update. Systems running older Windows versions such as Windows XP that no longer have mainstream support should refer to Microsoft’s blog for details of emergency security patches released in response to WannaCry.

Keep Microsoft Windows Firewall turned on and properly configured at all times, and enhance your protection further by setting up additional firewall protection.

Disabling Windows Script Host could be an efficient preventive measure, as well.

Consider disabling Windows PowerShell, which is a task automation framework. Keep it enabled only if absolutely necessary.

Enhance the security of your Microsoft Office components (Word, Excel, PowerPoint, Access, etc.). In particular, disable macros and ActiveX. Additionally, blocking external content is a dependable technique to keep malicious code from being executed on the PC. To ward off a strain of ransomware known as Cerber, disable macros in your Microsoft Office programs.

Make sure your antivirus, browsers, Adobe Flash Player, Java, and other system software or applications are up to date.

Fine-tune your security software to scan compressed or archived files, if this feature is available.

Ensure you install a browser add-on to block popups, as they can also pose an entry point for ransom Trojan attacks.

Should a suspicious process be detected on your computer or device, promptly turn off the Internet connection. This is particularly efficient during the early stage of a cyberattack because the ransomware won’t get the chance to launch a connection with its remote Command and Control server and thus cannot complete the encryption process.

Personalize your anti-spam settings the right way: Most ransomware strains are known to spread via eye-catching emails that contain contagious attachments. It is advisable to configure a webmail server to block dubious attachments with extensions like .exe, .vbs, or .scr.

Desist from opening suspicious-looking attachments: This doesn’t only apply to messages sent by unfamiliar people but also to senders who you believe are your acquaintances. Phishing emails may masquerade as notifications from a delivery service, an e-commerce resource, a law enforcement agency, or a financial institution.

Be very heedful before clicking on links: Dangerous hyperlinks, especially shortened URLs, can be received via email, social media or instant messengers, and the senders are likely to be people you trust, including your friends or colleagues. For this attack to be deployed, cybercriminals compromise their accounts and submit bad links to as many people as possible.

The Show File Extensions feature can thwart ransomware plagues, as well. This is a native Windows functionality that allows you to easily tell what types of files are being opened, so that you can keep clear of potentially harmful files. Cybercriminals may also utilize a confusing technique where one file can be assigned a couple of extensions. For instance, an executable may appear like an image file and have a .gif extension. In some cases, files look like they have two extensions, e.g. cute-dog.avi.exe or table.xlsx.scr, so be sure to pay attention to tricks of this sort. A standalone known attack vector is through malicious macros enabled in MS Word documents.

Consider disabling the vssadmin.exe functionality in your system. This functionality, built into Windows to administer the Volume Shadow Copy Service, is normally a handy tool that can be used for restoring previous versions of arbitrary files. In the framework of rapidly evolving file-encrypting malware, though, vssadmin.exe has turned into a problem rather than a favorable service. If it is disabled on a computer at the time of a compromise, ransomware will fail to use it for obliterating the shadow volume snapshots. This means you can use VSS to restore the blatantly encrypted files afterwards.

Use two-factor authentication and strong passwords that cannot be brute-forced by remote criminals. Set unique passwords for different accounts to reduce the potential risk.

Deactivate AutoPlay in your system. This way, harmful processes won’t be automatically launched from external media, such as USB memory sticks or other drives.

You may have to disable file sharing. By so doing, the ransomware infection will be restricted only to the infected system.

Consider restricting remote services. Otherwise, the threat could rapidly propagate across the enterprise network, thus calling forth serious security issues for the business environment if your computer is a part of it. For example, the Remote Desktop Protocol can be leveraged by black hat hackers to expand the attack surface.

Switch off unused wireless connections, such as Bluetooth or infrared ports. Cybercriminals can surreptitiously exploit Bluetooth to launch a cyberattack or compromise a computer or a mobile device.

Turn off Wi-Fi when not in use: It is known that hackers can launch a cyberattack on a computer system or a mobile device through vulnerable, unsecured Wi-Fi networks. Use very strong passwords to protect your Wi-Fi. Beware of using public Wi-Fi.

Define Software Restriction Policies that keep executable files from running when they are in specific locations in the system. The directories most heavily used for hosting malicious processes include ProgramData, AppData, Temp and Windows\SysWow.

Tor (The Onion
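The attachment-blocking and double-extension advice above, sketched as an added Python example (not part of the original article). The decoy-extension list, the content signatures checked and the function names are assumptions chosen for illustration; the sample file names and bytes are constructed.

```python
# Added example: decide what a mail filter should do with an attachment,
# based on its file name and (optionally) its first bytes.

# Extensions the article recommends blocking.
BLOCKED_EXTS = {".exe", ".vbs", ".scr"}
# Harmless-looking extensions often placed before the real one (assumed list).
DECOY_EXTS = {".gif", ".jpg", ".png", ".avi", ".pdf",
              ".doc", ".docx", ".xls", ".xlsx"}
# Leading bytes ("magic numbers") expected for a few common formats.
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".pdf": (b"%PDF-",),
}


def extensions(filename):
    """Return the lower-cased extensions of the base name, left to right."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so normalise them away.
    base = base.strip().rstrip(". ").lower()
    return ["." + part for part in base.split(".")[1:] if part]


def classify(filename, head=b""):
    """Return (action, reason) for an attachment name and its first bytes."""
    exts = extensions(filename)
    last = exts[-1] if exts else ""
    if last in BLOCKED_EXTS:
        # e.g. cute-dog.avi.exe: the real type is hidden behind a decoy.
        if len(exts) > 1 and exts[-2] in DECOY_EXTS:
            return ("block", "double extension")
        return ("block", "blocked extension")
    # Windows executables start with the two bytes "MZ", whatever the name.
    if head.startswith(b"MZ"):
        return ("block", "executable content")
    expected = MAGIC.get(last)
    if head and expected and not head.startswith(expected):
        return ("quarantine", "content mismatch")
    return ("allow", "ok")


if __name__ == "__main__":
    samples = [  # constructed sample inputs
        ("cute-dog.avi.exe", b""),
        ("table.xlsx.scr", b""),
        ("Invoice.EXE ", b""),
        ("holiday.gif", b"MZ\x90\x00"),
        ("holiday.gif", b"GIF89a\x01\x00"),
        ("report.v2.pdf", b"%PDF-1.7"),
    ]
    for name, head in samples:
        print(repr(name), classify(name, head))
```

Checking the first bytes covers the case the article mentions where an executable carries a .gif name, which a name-only filter would let through.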

CYBER SECURITY

Best Practices To Prevent Ransomware and Other Cyberattacks

A unique strain of ransomware known as “WannaCry”, “Wanna DeCryptor” or “wcry” infected more than 300,000 vulnerable systems globally, across 150 countries, since Friday, 12 May, 2017. WannaCry installs Doublepulsar, a backdoor that allows the device to be remotely controlled. The malware freezes the infected device and pops up a red screen with the message, “Oops, your files have been encrypted!” It goes on to demand ransom payment in Bitcoin (equivalent to $300-$600), before subsequently destroying the encrypted files if payment is not made. To offer an insight into the consequences of the WannaCry ransomware attack, Chinese state media says about 29,372 institutions were infected along with hundreds of thousands of devices. In Japan, 2,000 computers at 600 locations were reportedly affected. The “WannaCry” ransomware attack also denied access to confidential patient information and stalled x-rays, surgeries and other critical healthcare services in at least 47 hospitals under the auspices of the United Kingdom’s National Health Service (NHS). The list goes on. Envisage a Stuxnet cyberattack on a vulnerable nuclear warhead or submarine. Tragedy!

What Is A Ransomware?

Ransomware is coined from the age-old word “ransom”: money demanded for the return of a captured person or something valuable. Ransomware is malicious software remotely deployed by cybercriminals or cyber-extortionists to encrypt valuable digital information or hold it “hostage” until a ransom is paid.

Who Was Responsible For WannaCry Ransomware?

Ransomware and cyberattacks could be propagated by nation states (cyberwarfare, cyberterrorism), or by cybercriminals who render “ransomware-as-a-service” (RaaS), offering tools or charging clients a fee to help them disseminate ransomware. Preliminary technical clues and coding similarities connect the WannaCry ransomware cyberattack to the Lazarus Hacking Group, a North Korean cyber outfit previously blamed for the cyberattack on and theft of $81 million from a Bangladesh bank in 2016, and for attacks on Polish banks in February 2017. It is widely accepted that the masterminds of the “WannaCry” ransomware exploited the “Eternal Blue Hacking Weapon”, created by the United States’ National Security Agency (NSA) and then stolen and dumped online by the “Shadow Broker” hacking group, to gain access to systems powered by Microsoft Windows.

Why Ransomware, Cyberattacks Will Persist

The proliferation of ransomware and cyberattacks is not surprising to tech-savvy minds, because Kaspersky Lab’s IT Threat Evolution Q1 2016 report envisioned ransomware emerging as the biggest cybersecurity threat. Similarly, the United States Securities and Exchange Commission (SEC) warned in 2016 that the biggest risk the financial system faces is cybersecurity. A cybersecurity special report suggests that ransomware will worsen due to the increasing penetration of, and inherent vulnerabilities in, the Internet of Things (IoT), medical devices, web cameras, IP phones, Internet Protocol (IP) CCTV cameras, DVRs, smart houses or smart cities, wearables such as smartwatches, public Wi-Fi, and the proliferation of mobile apps with malicious code, amongst others. The good news is that there are ways around ransomware and cyberattacks. As we know, prevention is better and cheaper than cure.

Modus Operandi of WannaCry Ransomware

Attackers can distribute ransomware via email attachments, exploit kits and botnets. The WannaCry ransomware attack essentially employs a notorious vulnerability in the Microsoft Windows operating system to spread and infect machines.

Solution To Ransomware, Cyberattacks

F-Secure, a Finnish cyber security and privacy company based in Helsinki, Finland, recommends a four-phase approach to cybersecurity: Predict, Prevent, Detect, and Respond. Predict by performing an exposure analysis; prevent by deploying a defensive solution to reduce the attack surface; detect by monitoring infrastructure for signs of intrusion or suspicious behaviour; and respond by determining how a breach happened and what impact it had on systems. Let’s further elaborate how to prevent ransomware and cyberattacks.

Conclusion/Recommendation

It is encouraging that Nigeria’s National Information Technology Development Agency (NITDA) has asked Nigerians to contact its Computer Emergency Readiness and Response Team (CERRT) for assistance regarding ransomware and cyberattacks. CERRT can be reached via telephone on +2348023275039 or e-mail: [email protected]. Given the proliferation of ransomware and cyberattacks, and given the fact that cybersecurity is constantly evolving, it is incumbent on the Nigerian government and relevant agencies to formulate and implement an up-to-date national cybersecurity policy that is fit for purpose. Ongoing public awareness of cybersecurity issues and best practices will be of help.

Written by: © Don Okereke (Security Junkie/Analyst/Consultant, Writer), CEO, Holistic Security Background Checks Limited (RC 1407617). Follow me on Twitter: @donokereke. www.donokereke.blogspot.com
