Connect with us

Monday 8th August, 2022

TechExtra

Stolen Credentials Selling On Dark Web -New HP Wolf Security Report

…Exposes ironic “honour among thieves” as cybercriminals rely on dispute resolution services,
₦1,230,793 vendor bonds and escrow payments to ensure “fair” dealings

Share Post

Published

on

Photo credit: Investopedia

 

HP Inc. Friday released The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back – an HP Wolf Security Report.

The findings show cybercrime is being supercharged through “plug and play” malware kits that make it easier than ever to launch attacks.

Findings further showed that Cyber syndicates are collaborating with amateur attackers to target businesses, putting the online world at risk.

The HP Wolf Security threat team worked with Forensic Pathways, a leading group of global forensic professionals, on a three-month dark web investigation, scraping and analysing over 35 million cybercriminal marketplaces and forum posts to understand how cybercriminals operate, gain trust, and build reputation.

Key findings include:

  • Malware is cheap and readily available – Over three quarters (76%) of malware advertisements listed, and 91% of exploits (i.e., code that gives attackers control over systems by taking advantage of software bugs), retail for under ₦4,923.17. The average cost of compromised Remote Desktop Protocol credentials is just ₦2,092.35. Vendors are selling products in bundles, with plug-and-play malware kits, malware-as-a-service, tutorials, and mentoring services reducing the need for technical skills and experience to conduct complex, targeted attacks – in fact, just 2-3% of threat actors today are advanced coders.
  • The irony of ‘honor amongst cyber-thieves’ – Much like the legitimate online retail world, trust and reputation are ironically essential parts of cybercriminal commerce: 77% of cybercriminal marketplaces analysed require a vendor bond – a license to sell – which can cost up to ₦1,230,793. Eighty-five per cent of these use escrow payments, and 92% have a third-party dispute resolution service. Every marketplace provides vendor feedback scores. Cybercriminals also try to stay a step ahead of law enforcement by transferring reputation between websites – as the average lifespan of a dark net Tor website is only 55 days.
  • Popular software is giving cybercriminals a foot in the door– Cybercriminals are focusing on finding gaps in software that will allow them to get a foothold and take control of systems by targeting known bugs and vulnerabilities in popular software. Examples include the Windows operating system, Microsoft Office, web content management systems, and web and mail servers. Kits that exploit vulnerabilities in niche systems command the highest prices (typically ranging from ₦393,853.76 – ₦1,723,110.20). Zero Days (vulnerabilities that are not yet publicly known) are retailing at tens of thousands of dollars on dark web markets.
ALSO READ  Residents Card Relaunch: SecureID Group Applauds Lagos State Govt

“Unfortunately, it’s never been easier to be a cybercriminal. Complex attacks previously required serious skills, knowledge and resource.

“Now the technology and training is available for the price of 3 litres of fuel. And whether it’s having your company and customer data exposed, deliveries delayed or even a hospital appointment cancelled, the explosion in cybercrime affects us all,” comments report author, Alex Holland, Senior Malware Analyst at HP Inc.

“At the heart of this is ransomware, which has created a new cybercriminal ecosystem rewarding smaller players with a slice of the profits.

“This is creating a cybercrime factory line, churning out attacks that can be very hard to defend against and putting the businesses we all rely on in the crosshairs,” Holland adds.

HP consulted with a panel of experts from cybersecurity and academia – including ex-black hat hacker Michael ‘Mafia Boy’ Calce and authored criminologist, Dr. Mike McGuire – to understand how cybercrime has evolved and what businesses can do to better protect themselves against the threats of today and tomorrow.

They warned that businesses should prepare for destructive data denial attacks, increasingly targeted cyber campaigns, and cybercriminals using emerging technologies like artificial intelligence to challenge organisations’ data integrity.

To protect against current and future threats, the report offers up the following advice for businesses:

Master the basics to reduce cybercriminals’ chances: Follow best practices, such as multi-factor authentication and patch management; reduce your attack surface from top attack vectors like email, web browsing and file downloads; and prioritise self-healing hardware to boost resilience.

Focus on winning the game: plan for the worst; limit risk posed by your people and partners by putting processes in place to vet supplier security and educate workforces on social engineering; and be process-oriented and rehearse responses to attacks so you can identify problems, make improvements and be better prepared.

ALSO READ  Technology Remains A Vital Tool For National Security –NITDA DG

Cybercrime is a team sport. Cybersecurity must be too: talk to your peers to share threat information and intelligence in real-time; use threat intelligence and be proactive in horizon scanning by monitoring open discussions on underground forums; and work with third-party security services to uncover weak spots and critical risks that need addressing.

“We all need to do more to fight the growing cybercrime machine,” says Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc.

“For individuals, this means becoming cyber aware. Most attacks start with a click of a mouse, so thinking before you click is always important. But giving yourself a safety net by buying technology that can mitigate and recover from the impact of bad clicks is even better.”

“For businesses, it’s important to build resiliency and shut off as many common attack routes as possible,” Pratt continues.

“For example, cybercriminals study patches on release to reverse engineer the vulnerability being patched and can rapidly create exploits to use before organisations have patched. So, speeding up patch management is important.

“Many of the most common categories of threat such as those delivered via email and the web can be fully neutralised through techniques such as threat containment and isolation, greatly reducing an organisation’s attack surface regardless of whether the vulnerabilities are patched or not.”

The full report can be found here:  https://threatresearch.ext.hp.com/evolution-of-cybercrime-report/

 

Share Post
Continue Reading

TechExtra

CloudFare DDoS Report Shows Q2 of 2022 Witnessed Largest DDoS Attacks Ever

Highlights of the report showed that the war on the ground between Russia and Ukraine continues to be accompanied by attacks targeting the spread of information.

Share Post

Published

on

Photo Credit: Kaspersky

A recent CloudFare DDoS report for 2022, has shown that Q2 of 2022 Q2 witnessed some of the largest attacks the world has ever seen including 26 million requests per second HTTPS DDoS attacks.

These attacks were automatically detected and mitigated by CloudFare, in addition to attacks against Ukraine and Russia continuing, whilst a new Ransom DDoS attack campaign emerged.

Highlights of the report showed that the war on the ground between Russia and Ukraine continues to be accompanied by attacks targeting the spread of information.

Broadcast Media companies in Ukraine were the most targeted in Q2 by DDoS attacks.

On the other hand, in Russia, Online Media dropped as the most attacked industry, replaced by Banking, Financial Services and Insurance (BFSI) companies.

Almost 45% of all application-layer DDoS attacks targeted the BFSI sector. Cryptocurrency companies in Russia were the second most attacked.

In terms of Ransom attacks, June 2022, saw a peak to the highest of the year Overall in Q2, the per cent of Ransom DDoS attacks increased by 11% QoQ.

In 2022 Q2, application-layer DDoS attacks increased by 72% YoY. Organizations in the US were the most targeted, followed by Cyprus, Hong Kong, and China. Interestingly attacks on organizations in Cyprus increased by 166% QoQ.

The Aviation & Aerospace industry was the most targeted in Q2, followed by the Internet industry, Banking, Financial Services and Insurance, and Gaming / Gambling in fourth place.

In 2022 Q2, network-layer DDoS attacks increased by 109% YoY. Attacks of 100 Gbps and larger increased by 8% QoQ, and attacks lasting more than 3 hours increased by 12% QoQ.

ALSO READ  DA 2021: NITDA DG Insists 5G Technology Crucial To 4th Industrial Revolution

The top attacked industries were Telecommunications, Gaming / Gambling and the Information Technology and Services industry.

Commenting on the report, Bashar Bashaireh, Managing Director, Middle East & Turkey, Cloudflare says, “Cloudflare’s mission is to help build a better Internet. A better Internet is one that is more secure, faster, and reliable for everyone even in the face of DDoS attacks.

“As part of our mission, since 2017, we’ve been providing unmetered and unlimited DDoS protection for free to all of our customers. Over the years, it has become increasingly easier for attackers to launch DDoS attacks.

“But as easy as it has become, we want to make sure that it is even easier and free for organizations of all sizes to protect themselves against DDoS attacks of all types.”

 

Share Post
Continue Reading

TechExtra

Startup Ecosystem: NITDA DG Engages Key Stakeholders In Lagos

Published

on

Mr. Kashifu Inuwa, NITDA DG (sitting third from right) flanked by others at the meeting

Director-General, National Information Technology Development Agency, NITDA, Kashifu Inuwa, has reiterated the Agency’s commitment to giving the startup ecosystem the needed support to boost the sector’s contribution to the economy and strengthen the value chain.

Inuwa made the pledge during a dinner meeting with some key stakeholders of Lagos Ecosystem, including representatives from Microsoft, MasterCard, and Norebase, among others.

While suing for trust, and strengthening the value chain deliberated on the best way to accelerate growth and support startups in the country, he said “there are lots of distrust within the government and the ecosystem, so much that the only way to engender trust between the two entities is to have this conversation.”

The Director-General assured the group of his unrelenting support to the ecosystem which he maintained would be his return base upon retirement from government service, and emphasised the need for collaborations across the board to achieve a faster and more sustainable digital economy.

“We cannot succeed in isolation; we need each other to succeed. Innovation is not distributed evenly across the world. Innovation and the digital economy are about humans”.

“A company is as good as its next product and its products are as good as the person or people who make them. This underscores the relevance of talents. If you don’t have the requisite skills and talents, then it is no deal,” he added.

The NITDA DG seized the opportunity to share his thoughts on different issues bordering on investments, partnerships, commercialisation of innovations, enabling policies and acquisition of relevant skills as well as training.

ALSO READ  Residents Card Relaunch: SecureID Group Applauds Lagos State Govt

“At NITDA, we are reenacting our act and laws to make it more robust so that we protect the ecosystem,” Inuwa stated.

The NITDA boss whose friendly body language gave the forum some sort of a relaxed atmosphere was keen on listening to their opinions and suggestions on how to get the ecosystem to perform much better.

“The sector we are in is dynamic and we must move with its pace, so we don’t play catch-ups or get left far behind. We must disrupt the way we do things and bring to bear professionalism, innovations that will solve indigenous problems but have a global impact,” the DG urged.

While taking turns to share their ideas and challenges, some of the representatives touched on diverse areas of concern and specialisations, including soliciting for government support in the development of hardware space, funding, talents, procurements, local content enforcement, mitigating gateways, policy timings and changes, data protection and management, digital skills framework, standardisation and others.

Reacting to their comments and questions, the Director-General extensively explained the efforts of NITDA under the supervision of the Federal Ministry of Communications and Digital Economy and by extension, the Federal Government in addressing most of the issues deliberated.

The Start-up Bill was also on the front burner of his response as the DG quickly reminded them that most of the concerns raised would soon be rested, given the recent passage of the Bill into law by the National Assembly.

He assured the startups of a speedy and effective implementation of the bill to deal with the bottlenecks experienced in the process, and fast-track the anticipated growth of the ecosystem.

ALSO READ  WAEC Makes NIN Registration Mandatory For WASSCE Candidates From Next Year

Moreso, Inuwa highlighted the Code of Practice for Interactive Platforms as another document that is expected to engender appropriate monitoring to enforce compliance to established regulations guiding the sector, while seeking their contribution to the document.

“We need to decide what and what the right regulations are so that every startup and industry player would have a Code of Practice that works for everyone and is adhered to the letter. Also, I think we need to form a union for Startup Ecosystem,” Inuwa added.

The engagement with the Lagos ecosystem ended with a resolve by all parties to forge ahead against all odds but not just as an ecosystem but more united and prepared for future tasks.

The meeting was part of NITDA’s stride towards making Nigeria a talent hub for Africa and possibly the digital world, especially as there are several reports indicating a global talent shortage.

 

Share Post
Continue Reading

Fintech

UMBA, US-Based Fintech Acquires Majority Stake In Kenya’s Daraja Microfinance Bank

Published

on

The Central Bank of Kenya (CBK) has announced the acquisition of 66.06 per cent shareholding of Daraja Microfinance Bank (Daraja MFB) by US-based fintech company UMBA.

The announcement follows CBK’s earlier approval, under Section 19(4) of the Microfinance Act and approval by the Cabinet Secretary for the National Treasury and Planning, pursuant to Section 19(3)(b) of the Microfinance Act.

UMBA fintech is incorporated in the State of Delaware, United States of America and has its headquarters in San Francisco, California. The company has operations in Kenya and Nigeria.

In Kenya, UMBA operates a non-deposit-taking credit business through its subsidiary UMBA Technology. In Nigeria, it operates in partnership with a licensed bank to offer digital banking services.

Daraja MFB was granted a license by the Central Bank of Kenya on January 12, 2015, to carry out community microfinance bank business within Dagoretti Division of Nairobi County.

The MFB’s Head Office and branch are located at Dagoretti Corner, Nairobi. The MFB’s target market is Micro and Small Enterprises. It is categorised as a small microfinance bank with a market share of below 1 percent of the microfinance banking sector as of March 31, 2022.

Analysts say the investment by UMBA will strengthen Daraja MFB’s business model. In particular, it will support the digitalization of Daraja MFB as it moves to provide ‘anytime anywhere’ services to its customers.

This is aligned with CBK’s vision of a microfinance banking sector that works for and with Kenyans.

CBK welcomes this transaction which is a critical component of Daraja MFB’s transformation plan. It will strengthen Daraja MFB and support the stability of Kenya’s microfinance banking sector.

ALSO READ  Technology Remains A Vital Tool For National Security –NITDA DG

Share Post
Continue Reading
TechExtra3 days ago

CloudFare DDoS Report Shows Q2 of 2022 Witnessed Largest DDoS Attacks Ever

Telecoms3 days ago

Nokia Forecasts 5G Subscriptions To Reach 263 Million In MEA By 2026

BANKING3 days ago

FirstBank Branch, Head office, Not Sealed- Mgt.

Telecoms4 days ago

NCC Restates Commitment To Research Funding

TechExtra4 days ago

Startup Ecosystem: NITDA DG Engages Key Stakeholders In Lagos

Opinion4 days ago

The Savvy Story Of The National Pension Commission (PENCOM)

BANKING4 days ago

Firstmonie Agents Process Over 1 Billion Transactions, Amounting To Over N22 Trillion

BROADCASTING4 days ago

NBC Fines DSTV, Trust TV, 2 Others N20m For ‘Terrorism Glorification’

Business5 days ago

Konga Kares, Med-Direct Africa Roll Out Free Delivery Of Quality Drugs

BANKING5 days ago

GAIM 5: Fidelity Bank Rewards 10 Customers In Savings Promo

BANKING5 days ago

Stanbic IBTC Inks Deal With Bento Africa To Offer Value Added Services

Fintech5 days ago

UMBA, US-Based Fintech Acquires Majority Stake In Kenya’s Daraja Microfinance Bank

Fintech5 days ago

MIGA Issues $200m Guarantees To Boost Digital Financial Services In Sub-Saharan Africa

BROADBAND5 days ago

MTN Introduces Home Broadband Services

TechExtra5 days ago

Pantami Reaffirms FG’s Commitment To Indigenous Telecom Content Promotion

NITDA5 days ago

nitda achievements 2021

TechExtra6 days ago

AWS Reports 2Q Revenue Of $19.7B, Beats Analysts’ Expectations

Business6 days ago

Nokia Signs 5-Year Deal With AST SpaceMobile

Business7 days ago

9mobile Reaffirms Support For Nigerian Journalists With Training On Content Leveraging

TechExtra1 week ago

African Teachers Want To Become Future-Fit With More “Soft Skills” Training- HP Study

BROADCASTING2 years ago

ENTERTAINMENT: ‘Turn Up Friday With Pepsi’ Premieres On Africa Magic Channels

BROADCASTING2 years ago

StarTimes Announces Subscription Price Increase, Addition Of New Channels

BROADCASTING2 years ago

MultiChoice Now Offers Auto-Renewal On Subscriptions To DStv & GOtv Customers

BROADCASTING1 year ago

tvN, Korea’s Number 1 Entertainment Channel Debuts On DStv March 1

Telecoms2 years ago

(APPLY): NCC Invites Proposals For Telecoms-Based Research Innovation 2020

Business2 years ago

Samsung May Not Include Chargers With Some Phones Starting 2021

BIG STORY2 years ago

One Year As NITDA’s DG: How Kashifu Abdullahi Is Transforming Nigeria’s IT Landscape (Part 1)

BROADCASTING2 years ago

IK Osakioduwa Hosts, As Obi Asika, Others Unveiled As Judges For Nigerian Idol Season 6

BROADCASTING2 years ago

MultiChoice Begins Broadcast Of uLesson Educational Content On DStv, GOtv

BROADCASTING2 years ago

MultiChoice Adds ESPN To Dstv And Gotv Sports Offering

Business2 years ago

Paint Roxettes Signs Nollywood Actor, Yul Edochie As Brand Ambassador

Opinion2 years ago

Africa In Motion: Accelerating Africa’s Digital Future

Opinion2 years ago

One Year At NITDA: Kashifu As A Vindication Of Youth Excellence In Governance

Innovation2 years ago

NITDA Pledges Full Support To Nigeria’s Tech Community For Innovation Against COVID-19

Business2 years ago

BREAKING: Plentywaka Seals Deal With Innoson Motors Ahead Of Expansion To South-Eastern Nigeria

HOME2 years ago

Girls In ICT Day: NITDA Highlights The Need To Promote Career In Information Technology For Girls And Women In Nigeria

Business2 years ago

BREAKING: Crowdyvest Holdings Changes Name To EMFATO Holdings

Telecoms2 years ago

5G Services Go Live In Madagascar, As Telma Launches Ericsson-Powered Network In The Country

Business2 years ago

After Okada Ban, Opay Confirms Shift To Delivery, Puts Motorcycles Up For Sale

BROADBAND2 years ago

Maska, NCC’s Executive Commissioner Chairs Ministerial Broadband Implementation Steering Committee

Advertisement

Trending