Check Point Software Technologies Limited, a global network cyber security vendor, has indicated that Nigeria remains among the top ten countries in the world at risk of cyber attack.
“Nigeria remains amongst the top ten countries at highest risk of cyber attack, currently sitting at number nine on the list after having climbed one position from last month,” it said, adding that the top three ‘Most Wanted’ malware in Nigeria are Roughted, Virut and Fireball.
In its August Global Threat Impact Index, Check Point revealed that banking Trojans were extensively used by cyber-criminals globally in the month of August, with three variants appearing in the top ten of its index – Zeus, Ramnit and Trickbot.
Check Point Technologies explains that the Trojans work by identifying when the victim is visiting a banking website, and then using keylogging or webinjects to harvest basic login credentials or more sensitive information such as PIN numbers. Alternatively, Trojans may also direct victims to fake banking websites designed to mimic the legitimate ones and steal credentials that way.
On the top three most wanted malware in Nigeria, Roughted is described as large-scale malvertising used to deliver various malicious websites and payloads such as scams, adware, exploit kits and ransomware. It can be used to attack any type of platform and operating system, and utilises ad-blocker bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
Virut, on the other hand, is one of the major botnets and malware distributors on the Internet. It is used in DDoS attacks, spam distribution, data theft and fraud. The malware is spread through executables originating from infected devices such as USB sticks as well as compromised websites, and attempts to infect any accessed file with the extension .exe or .scr.
Virut specifically alters the local host files and opens a backdoor by joining an IRC channel controlled by a remote attacker.
Fireball is adware widely distributed by the Chinese digital marketing company Rafotech. It acts as a browser hijacker which changes the default search engine and installs tracking pixels, but can be turned into a fully functioning malware downloader. Fireball is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.
The August Global Threat Impact Index also revealed that Globeimposter, a ransomware disguised as a variant of the Globe ransomware, was the world’s second most prevalent malware throughout the month.
Although it was discovered in May 2017, the malware did not begin to rapidly proliferate until August, distributed by spam campaigns, malvertising and exploit kits. Upon encryption, Globeimposter appends the .crypt extension to each encrypted file, and a payment is demanded from victims in return for decrypting their valuable data.
“Financial gain is the major motive for the vast majority of cybercrime, and unfortunately criminals have a wide range of tools at their disposal to achieve this,” said Doros Hadjizenonos, country manager of Check Point South Africa.
“To see both a highly effective ransomware variant and a range of banking Trojans in the top ten most prevalent malware families really underlines how tenacious and sophisticated malicious hackers can be in their attempts to extort money. Organisations need to be both vigilant and proactive in order to protect their networks,” he noted.