NCC alerts consumers to new cyberthreats targeting Windows platforms, routers

*The Nigerian Communications Commission’s Computer Security Incidents Response Team alerts users to two new cyberthreats targeting Windows platforms, routers, and offers measures for protection against the threats

Gbenga Kayode | ConsumerConnect

In a move to protect telecoms consumers in the country’s cyberspace, the Computer Security Incidents Response Team (CSIRT) of the Nigerian Communications Commission (NCC) has disclosed that it discovered two new, separate cyberthreats targeting Windows platforms and a particular kind of router, respectively.

The telecoms sector regulator stated on Thursday, March 31, 2021, that the CSIRT noted the discoveries in two separate advisories issued by the cyberspace protection team earlier in the week.

The NCC said that the first cyberthreat is a ransomware known as ‘Lokilocker’, which is capable of wiping data from all versions of Windows systems or platforms.

“It causes data loss, and denial of service (DoS), which reduces user’s productivity,” stated the Commission.

The telecoms regulator also explained that “Lokilocker” is a relatively new member of the ransomware family that has been discovered by security researchers.

It further said: “Lokilocker operates by encrypting user files and renders the compromised system useless if the victim does not pay the demanded ransom in time.

“To hide the malicious activity, the ransomware displays a fake Windows update screen, cancels specific processes and services, and completely disables the task manager, Windows error reporting, machine firewall and Windows Defender of the compromised system.”

According to NCC, the ransomware also has in-built processes that prevent data recovery as it deletes backup files, shadow copies, and removes system restore points.

It also overwrites the user login note and modifies original equipment manufacturer (OEM) information in the registry of the compromised system.

The NCC CSIRT advisory further stated: “To protect against infections by LokiLocker and similar ransomware, the best rule is to always have a backup copy of your data, which should be stored offline.”

Besides, the Commission’s CSIRT urged consumers that “all downloads and e-mail attachments should be opened with caution, even if they are from trusted sites or senders.” “Users should also ensure the attachments are scanned with an up-to-date antimalware solution before opening,” it stated.

How Botnet targets MikroTik version of routers

According to the Commission, the second cyberthreat the NCC CSIRT discovered is a botnet that targets the MikroTik version of routers.

CSIRT revealed that thousands of routers from MikroTik, which have been found to be vulnerable, are being used to constitute what has been named one of the largest botnets in history.

This botnet, it noted, exploits an already-known directory traversal vulnerability in the WinBox interface, which allows unauthenticated remote attackers to read arbitrary files and authenticated remote attackers to write arbitrary files.

“The vulnerability, which was previously fixed, allowed the perpetrators to enslave all the routers and then rent them out as a service,” CSIRT said in the advisory.

According to new research published by Avast, a cryptocurrency mining campaign taking advantage of the newly disrupted Glupteba botnet, as well as the famed Trickbot malicious software, were found to have been disseminated by the very same command-and-control (C2) server.

The C2 server functions as a botnet-as-a-service, which controls nearly 230,000 vulnerable MikroTik routers.

The Botnet, however, has been linked to what is now called the Meris Botnet, the Commission stated.

The NCC also said the threat types emanating from the botnet include authentication bypass, data loss, denial of service, remote code execution, password sniffing and unauthorised access.

“These situations result in dangers to victims of this cyberthreat including malware distribution, mining cryptocurrency, thereby increasing the use of system resources, remote code execution and data theft,” it said.

Protection against the Botnet

To protect against this botnet, the NCC CSIRT has advised users to update or apply the latest patches to their routers early, set strong router passwords, disable the routers’ administration interface from public access, stay away from illegitimate or cracked versions of legitimate applications, use decent antivirus software with in-built web filtering, and apply the latest patches as soon as they arrive.
