The Nigerian Communications Commission, in a press statement
released on Thursday, said its Computer Security Incidents Response Team had
discovered “two new separate cyber threats targeting Windows Platforms and a
particular kind of routers respectively.”
The statement, signed by the NCC Director of Public Affairs,
Dr Ikechukwu Adinde, noted that “the discoveries were made known in two
separate advisories released by the cyber-space protection team earlier this
week.”
The statement read: “The first cyber threat is a ransomware
known as ‘Lokilocker’, which is capable of wiping data from all versions of
Windows systems or platforms. It causes data loss and denial of service (DoS),
which reduces users’ productivity.
“‘Lokilocker’ is a relatively new ransomware that has been
discovered by security researchers and belonging to the ransomware family.
Lokilocker operates by encrypting user files and renders the compromised system
useless if the victim does not pay the demanded ransom in time.
“To hide the malicious activity, the ransomware displays a
fake Windows Update screen, cancels specific processes and services, and
completely disables the Task Manager, Windows Error Reporting, machine firewall
and Windows Defender of the compromised system.
“Sadly, it also has in-built processes that prevent data
recovery as it deletes backup files, shadow copies, and removes system restore
points. It also overwrites the user login note and modifies original equipment
manufacturer (OEM) information in the registry of the compromised system.”
Suggesting possible protection against LokiLocker, the
statement quoted the NCC CSIRT as saying: “To protect against infections by
LokiLocker and similar ransomware, the best rule is to always have a backup
copy of your data, which should be stored offline.”
CSIRT further stated that “all downloads and email
attachments should be opened with caution, even if they are from trusted sites
or senders. Users should also ensure that attachments are scanned with an
up-to-date antimalware solution, before opening.”
According to the statement, the “second cyber threat
discovered by the NCC CSIRT is a Botnet that targets the MikroTik version of
Routers. As CSIRT revealed, thousands of routers from MikroTik which have been
found to be vulnerable are being used to constitute what has been named one of
the largest botnets in history.
“This botnet exploits an already-known vulnerability, which
allows unauthenticated remote attackers to read arbitrary files and
authenticated remote attackers to write arbitrary files, due to a directory
traversal vulnerability in the WinBox interface. The vulnerability, which was
previously fixed, allowed the perpetrators to enslave all the routers and then
rent them out as a service.
“In accordance with new research published by Avast, a
cryptocurrency mining campaign taking advantage of the newly disrupted Glupteba
botnet as well as the famed Trickbot malicious software were found to have been
disseminated by the very same command-and-control (C2) server. The C2 server
functions as botnet-as-a-service, which controls nearly 230,000 vulnerable
MikroTik routers. The Botnet, however, has been linked to what is now called
the Meris Botnet.
“The threat types emanating from the botnet include bypass
authentication, data loss, denial of service, remote code execution, sniff
password and unauthorized access. These situations result in dangers to victims
of this cyber threat including malware distribution, mining cryptocurrency,
thereby increasing the use of system resources, remote code execution and data
theft.”
The NCC CSIRT also gave an advisory on how to be protected
against Botnet. The statement quoted NCC CSIRT as saying, “To be protected
against this botnet, users (are advised) to update or apply the latest
patches to their routers early, set strong router
passwords, disable the administration interface of the routers from the public,
stay away from illegitimate or cracked software versions of legitimate
applications, and use decent antivirus software with in-built web-filtering,
and apply the latest patches as soon as they arrive.”