In the recent years, there has been a wave of indiscriminate cyber attacks targeting unsuspecting tech users across the African continent, from spam mails and other forms of malware on the digital space.
Only this week, Kenya’s Information and Communications Technology Cabinet Secretary, Eliud Owalo, confirmed that the government central services portal had been hacked and they were in the process of restoring it. The confirmation followed unverified claims that the same hackers had also infiltrated the mobile money platform – MPESA, leading to national and international panic by users of the services in Kenya and in the diaspora.
Kenya’s government digital service provider eCitizen is not the first government or institutional platform to be attacked, banks and other financial services providers as well as processors of sensitive information, including media houses have been attractive targets for cyber attackers and digital spaces criminals.
Due to the widespread nature of these attacks on the African continent, Kurunzi News’ Johannesburg-based correspondent, Daniel Itai engaged Zimbabwe’s Sammy Tatenda Nyere, Chief Technology Officer at Zimbabwe Cybersecurity, on why this trend is becoming common in Africa and how to navigate the digital space in the wake of this onslaught.
Q: At this juncture how susceptible is Africa to cyber attacks be it hackings, fraud and cloning?
A: Cloning has been on decline, most banks have done an excellent job by making most of its clients use two factor authentication, immediate purchasing message, even using the card in an unknown country banks will flag it as suspicious behavior. Fraud, on the other hand, is on the rise. Most of the reports we get are people who have been defrauded from joining Ponzi schemes and bogus investment websites. Africans need to follow the simple mantra that if it is too good to be true, it usually isn’t.
Also, us, being from the poorest continent on the planet, makes us easy pickings with online thieves promising us on doubling our money, or a Green Card (to the US). The most popular one these days is, “I am a recruiting agent, send me USD3 000 and will get you to the UK!”
Q: Why is there seemingly an increase in cyber attacks be it on a Government, private and personal level on the African continent?
A: The high increase in cyber-attacks is because most African countries are playing catch up with hacking technology which has been out for years. Cyber-Attacks are moving away from conventional hacking techniques such as phishing with an influx in technologies that make any Jack, Jill and Harry a hacker, by buying rubber duckies or anything. For instance, they would target you when you go like “they have my favorite cable for a phone charger” and they install malware the moment it’s plugged in creating a backdoor on that device in less than a minute.
Tech has become easy to hack. A simple YouTube tutorial can create an army of script kiddies who want to learn how to create a payload, ransomware or create a backdoor. We have now even seen people hacking for revenge e.g. bringing down a website, sending phishing links just to access other people’s social media. In the age where people are tech savvy and anyone has access to the internet you will find step by step tutorials for anything that you need from websites like null byte to even YouTube.
Q: How best can Governments, the private sectors, and persons be able to mitigate cyber attacks?
A: Risk Assessments are crucial even for my company, that way you have a plan forward when you are hacked, it’s not a matter of if; being ready to pounce the moment a breach has occurred. Most people think cyber-attacks only target money, information is also vital, a database of emails and passwords will go for a pretty penny online. However, the best defense is offense. Make employees aware of attacks by teaching (through) cyber-security seminars giving regular employee tests for example how to spot a fake website or a phishing email or site. Same goes with citizens. Governments must take it upon themselves to teach their citizens via newsletters, programs on radios, television etc.
Q: What are some of the major signs that a cyber attack is about to happen that one has to be wary of?
A: If you have systems in check, you will get a warning Intrusion Detection System which is helpful in monitoring the data on your network and systems and will tell you if something strange is going on.
Q: What should one do if they find themselves to be a victim of a cyber attack?
A: Secure all your email, socials, change every single password and ensure your password is not the same for everything if it please stop that habit because that means someone can completely ruin your life just because of one password. If it is a company, contact or hire forensic investigators or cyber-security experts for example penetration testers
The most important asset in a company is Vulnerability Assessments and Penetration Testing. Hiring a pentester who is also an ethical hacker will give you insight on your company – your weaknesses (and vulnerabilities). They would hack you and will provide proof of concept, meaning they will literally show you hackers will get into your system.