October 14, (THEWILL) – The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT), have rolled out a series of preventive measures, following increased reports of Account Takeover (ATO) incidents to the Nigeria Computer Emergency Response Team (ngCERT).
A recent advisory from the body described an ATO attack when cybercriminals gain access to a user’s credentials, in order to compromise the user’s account, pose numerous risks to the individual and the organisation that he or she represents, as it provides a breeding ground for future attacks by cybercriminals, who change the user credentials once inside the account, effectively locking the user out.
Measures prescribed by NCC-CSIRT for mitigating falling victim to an ATO attack, applying rules of password complexity when creating passwords and using different passwords for different accounts, which is simplified by the usage of a password manager.
Other measures are changing passwords periodically, enabling Multi-factor authentication (MFA) on all accounts, installing up-to-date effective anti-malware solutions on all devices and keeping abreast of phishing techniques as well as taking preventative measures.
The measures were in response to the trend whereby cybercriminals have devised several methods for obtaining user credentials through methods like phishing, which involves sending malicious emails to targets to trick them into disclosing sensitive information such as login credentials.
They also infect a target device with malware such as a key logger, spyware, or banking Trojan, which allows cybercriminals to gain access to user credentials and use them to take over a user’s account.
Another method of cybercriminals is the use of brute-force attacks, a method of trial and error in which an automated script is used to guess multiple passwords against an account in the hope of eventually finding one that works. In addition to credential stuffing, when usernames and passwords are leaked in a data breach, cybercriminals will attempt to gain unauthorized access to other accounts with the same username by using the leaked password, because most people use the same password across multiple accounts.
NCC-CSIRT rated the probability of an ATO attack as high with the potential for doing critical damage as its implications are numerous. These include cybercriminals that gained access to one’s banking apps using them to transfer money from one’s account. If an employee’s account is compromised, it can also be used to phish within an organisation, steal sensitive information from the organisation or insert malware into the network.
The CSIRT is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large.
The CSIRT also works collaboratively with ngCERT, established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall.
About the Author
Anthony Awunor, is a business correspondent who holds a Bachelor of Arts Degree in Linguistics (UNILAG). He is also an alumnus of the Nigerian College of Aviation Technology (NCAT), Zaria Kaduna State. He lives in Lagos.
