Cyberplural has released it’s 2022 cybersecurity report. Cyberplural is a cybersecurity company based in Abuja that provides cybersecurity services such as security operations, threat intelligence. System assessment and Audit, research and development and also cybersecurity training.
Some insight on the Report.
This is Cyber Plural’s first edition of this report which details security incidents , trends, impacts and changes in the Nigeria’s cybersecurity space.
- CVEs from Q4 of 2021 and Q1, Q2 and Q3 of 2022 are still been exploited. Critical National Infrastructure (CNI) of countries and businesses continue to be the target of multiple breaches and ransomware attacks in Q4.
- Certain threat actors or groups are now going around with phishing campaigns targeted at businesses
/organizations in Nigeria. Hosted their novel script that will harvest unsuspecting users’ credentials on IPFS.
- From phishing scams to backdoor breaches, a wide range of cyberattacks have been used just this year to
steal millions of dollars in crypto. Interesting was the use of crypto stealer malware targeting crypto platform extensions in browsers.
- Threat Actors were observed to be scanning for and attempting exploitation for initial access vulnerabilities such as Log4j, and Exchange vuln; across organizations in Nigeria with combined pressure by leveraging social engineering through phishing emails containing info stealer malware.
- Several unreported incidents involving misconfiguration of cloud infrastructure and insecure applications design have led to breaches of confidentiality, availability and integrity within the startup space.
Persistent Threat Actors Operations.
It is the case with the activities of the threat actor (TA) /group that the team observed for almost 3 weeks in the month of November. During this period (starting from the second week of November), our observations revealed the interest of the threat actor/group which was to gain initial access leveraging possible vulnerabilities on the Internet facing assets.
- Several unreported incidents hit Nigerian businesses, as many continue to treat cybersecurity incidents as IT related problems. This has resulted in huge downtime of services and financial loss for affected businesses.
- CVEs from Q4 of 2021 and Q1, Q2 of 2022 are still been exploited. CNIs of countries and businesses are the target of multiple breaches and ransomware attacks in Q3. Government-wide network attacks and breaches become prevalent.
- Our Dark web HUMINT engagement reported the proliferation of new tools and upgrades to existing and
new variants of ransomware from Ransomware groups. Invitation-only forums focused on initial access are also been leverage by cyber criminals.
Cyber Plural’s Threat Intelligence Team came across a server on the Internet serving critical information identified to be related to businesses and organizations that are more focused on finance / FinTech in Nigeria.
- A relatively new social engineering technique known as “MFA Fatigue” has been successfully used to
compromise employee accounts at large corporations like Uber, Microsoft, and Cisco.