Maher Yamout - Afrikan Heroes

ICT Experts Identify the Top Three Security Threats in Africa

October 22, 2020

As the world grows closer and closer into a global village with several interconnected dots, ICT experts have warned that while there has been an overall decrease in certain malware cases across sub-Saharan Africa, the human cyber threat, however, remains rife and Africa is not immune to the evolving techniques of Advanced Persistent Threats (APTs), as well as the possibilities of being a future target of hacking-for-hire threat actor groups.

Maher Yamout, Senior Security Research at Kaspersky

Kaspersky research has found that globally, APT groups are evolving their techniques and are upgrading their toolset to continue stealing sensitive information. Furthermore, there has been a rise of hackers-for-hire or cyber mercenaries during the first two quarters of 2020. In fact, three cyber mercenary groups have been exposed across the world this year alone.

As this activity has taken place outside of Africa, it’s suspected that these types of actors may have been somewhat forgotten and do not necessarily form part of cyber defence strategies. However, the region may become a focus of these groups in the coming months and thus, businesses and entities need to have an understanding of these emerging threats, along with the threat of APTs, to be prepared and take proactive steps towards effective cybersecurity.

Hackers-for-hire or cyber mercenaries do not necessarily have monetary motivations like traditional cybercrime. Instead, they steal private data to monetise it in a different way – usually for the purpose of providing advice or insights, based on the data, to share the value of a competitive advantage.

For example, a bank might get targeted and have its data analysed to gain an understanding of its market exposure, clients, and back-end systems. A competitor can use that to gain significant benefit. The reality is that in this evolving cyberthreat landscape, no company or government institution can consider themselves safe.

In South Africa, Kenya and Nigeria, APT groups are exploiting the current uncertainty around COVID-19 to steal sensitive information. More sophisticated techniques have emerged that delivers malware in non-conventional ways.

While overall malware attacks in South Africa, Kenya and Nigeria decreased during the first two quarters of 2020, certain malware types, such as the STOP ransomware, are proving increasingly popular for certain cybercriminals. The same applies to financial malware in South Africa and Nigeria as examples.

So, even though it decreased in these countries, certain financial malware types are gaining in popularity thanks to their unique techniques which these groups are exploiting to monetise data. This emphasises that attacks are becoming more targeted and at specific companies, in specific regions and for specific purposes.

The top industries under attack in Sub-Saharan Africa in H1 2020 include government, education, healthcare, and military. While government and military present compelling – and obvious – targets, education and healthcare are often used as pivot points to gain access to other institutions. Sometimes, an entity is a victim while other times it is the target.

The top three threat actors in these regions in this regard are said to be TransparentTribe, Oilrig, and MuddyWater.

“The remainder of the year will likely see APT groups and hacking-for-hire threat actors increase in prominence across the globe. Africa will continue to see more sophisticated APTs emerge and we also suspect that the hacking-for-hire actor type could target companies in Africa in the future,” says Says Maher Yamout, Senior Security Research at Kaspersky.

“We also anticipate that cybercriminals will increase targeted ransomware deployment using different ways. These can range from trojanised cracked software to exploitation across the supply chain of the targeted industry. Data breaches will certainly become more commonplace especially as people will continue to work remotely for the foreseeable future while exposing their systems to the Internet without adequate protection.”

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry

How to Keep Your Smartphone Corona-free

April 7, 2020

Maher Yamout, Senior Security Researcher for the Global Research and Analysis Team at Kaspersky

As efforts aimed at tackling the spread of the Covid-19 disease across the world heightens, people are being advised to take personal responsibilities especially in areas of personal hygiene. But despite people being advised to wash their hands often, how many apply the same rigour to their smartphones. To address this, global cyber security firm Kaspersky is providing tips on keeping mobile devices ‘virus-free’. Speaking on the importance of keeping the smartphones Covid-19 free, Maher Yamout, Senior Security Researcher for the Global Research and Analysis Team at Kaspersky said that “even before the COVID-19 pandemic, it is frightening to think how many bacteria lives on our personal mobile devices. And with the Coronavirus able to survive at room temperature and remain infectious on metal, glass, ceramic, and plastic for several days, it becomes essential to follow effective disinfection protocol.”

The virus can get onto a phone or tablet in two ways: either in tiny droplets when an infected person coughs nearby, or from your own hands after touching door handles, ATM buttons, and the like. Fortunately, unless a person hands their mobile device to someone who is infected to cough and splutter all over it, the probability of infection by airborne route is low. Transmission by hand depends on the duration of contact and varies for different microorganisms. But with no reliable data for COVID-19 available yet, it is always best to be extra cautious.

“If you must go to the shop for essential goods, it is imperative to disinfect your phone when you return home. There are several common household products that can deal with the Coronavirus effectively – ethanol (C2H5OH), isopropyl alcohol (C3H7OH), hydrogen peroxide (H2O2), and sodium hypochlorite (NaClO),” adds Yamout.

Isopropyl alcohol is considered the least harmful to the oleophobic coating that allows fingers to slide over the screen without covering it in fingerprints. So, use it if you can (as spray or wet wipes). Ethanol and hydrogen peroxide should be considered a backup if nothing else is available. With frequent use, these products can easily ruin the oleophobic coating. Even once might be enough, it depends on the coating. As for concentration, the optimal to go for is approximately 70-80%. Purer alcohol evaporates too quickly for best results. The disinfecting solution must sit on the surface for about a minute. A lower concentration is less efficient in killing viruses.

People should therefore not rely on vodka for example instead of ethyl alcohol. Even glass cleaner is not as effective as isopropyl alcohol given it has considerably lower alcohol content. It is also critical to not pour the disinfectant into the connectors, speakers, and other openings in the smartphone, even if it is waterproof. Rather, take a cotton pad, soak it in the liquid, and apply it to all sides of the device. There is no need to press hard, just carefully and thoroughly wipe the whole surface.

People should apply the same disinfection regiment to any other gadgets they use in public places. These can include tablets, laptops, smartwatches, bracelets, headphones, and so on. However, always check the product Website whether the manufacturer has any recommendations as to which substances are best suited for the device cleaning and how to apply them.

Kelechi Deca