March 31, (THEWILL) – The Nigerian Communications Commission (NCC), has alerted to new cyber threats targeting computer application platform and routers.
The NCC made the disclosure in a statement on Thursday.
The Computer Security Incidents Response Team (CSIRT), a unit set up by the NCC for the telecoms sector made the discovery.
The CSIRT explained that two cyber threats were spotted, adding that while one is targeting Windows Platforms, the other targets routers.
The NCC said, “The first cyber threat is a ransomware known as ‘Lokilocker’, which is capable of wiping data from all versions of Windows systems or platforms. It causes data loss, and denial of service, which reduces user’s productivity.
“Lokilocker, is a relatively new ransomware that has been discovered by security researchers and belonging to the ransomware family.
“Lokilocker operates by encrypting user files and renders the compromised system useless if the victim does not pay the demanded ransom in time.
“To hide the malicious activity, the ransomware displays a fake window update screen, cancels specific processes and services, and completely disables the task manager, windows error reporting, machine firewall and windows defender of the compromised system.
“Sadly, it also has in-built processes that prevent data recovery as it deletes backup files, shadow copies, and removes system restore points.
“It also overwrites the user login note and modifies original equipment manufacturer (OEM) information in the registry of the compromised system.”
The CSIRT advised that to “protect against infections by LokiLocker and similar ransomware, the best rule is to always have a backup copy of your data, which should be stored offline.”
The NCC CSIRT said further that downloads and email attachments should be opened with caution due to the cyber threat.
According to the security unit, e-mails from trusted sites or senders should be properly censored before opening.
The second cyber threat discovered by the NCC CSIRT is a Botnet. NCC said Botnet targets the Microtik version of Routers.
Thousands of routers from Microtik have been found to be vulnerable and are being used to constitute what has been named one of the largest botnets in history, said the commission.
The NCC said, “Botnet exploits an already-known vulnerability, which allows unauthenticated remote attackers to read arbitrary files and authenticated remote attackers to write arbitrary files, due to a directory traversal vulnerability in the WinBox interface.
“The vulnerability which was previously fixed allowed the perpetrators to enslave all the routers and then rent them out as a service.
“To be protected against this botnet, NCC CISRT advised users to update or apply the latest patches to their routers early, set strong router passwords, disable the administration interface of the routers from the public, stay away from illegitimate or cracked software versions of legitimate applications, and use decent antivirus software with in-built web-filtering, and apply the latest patches as soon as they arrive.”
About the Author
