Cybersafety: NCC-CSIRT cautions consumers against phishing attack exploit

*The Nigerian Communications Commission’s Computer Security Incident Response Team advises consumers to apply updates per vendor instructions for protection against online vulnerabilities

Isola Moses | ConsumerConnect

In a move to ensure consumer protection against vulnerabilities in cyberspace , the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT), again, has warned that a new Phishing, Attacks Exploit Windows Zero-Day Vulnerability, can load a malicious QBot malware on the compromised device without triggering any Windows security alerts.

The NCC-CSIRT in the advisory indicated that the vulnerability, which is present in all versions of Windows-based products, presents as Phishing Attacks and Malware threats.

RELATED Cybersafety: NCC-CSIRT Issues Advisory On Exposure To Multiple Vulnerabilities In Cisco Products

Mr. Reuben Muoka, Director of Public Affairs at NCC, at the weekend stated the NCC-CSIRT noted that ProxyLife security researcher discovered the new phishing exploit on Windows zero-day vulnerability to drop a Qbot malware without displaying Mark of the Web (MoTW) security warnings.

The Commission said: “To take advantage of the Windows Mark of the Web zero-day vulnerability, threat actors have switched to a new phishing strategy that involves propagating JS files (plain text files that include JavaScript code) signed with forged signatures.

READ ALSO: Cybersafety: Regulator Cautions Parents Against Uncontrolled Exposure Of Children To Online Activities

“The newest phishing attempt begins with an e-mail that contains a password for the file along with a link to an allegedly important document.”

The NCC-CSIRT advisory also noted: “When the link is clicked, a password-protected ZIP folder that includes another zip file and an IMG file is downloaded. Normally, launching the JS file in Windows would result in a Mark of the Web security warning because it is an Internet-based file. “However, the forged signature permits the JS script to function and load the malicious QBot programme without triggering any Windows security alerts.”

READ ALSO Cybersecurity: NCC-CSIRT Alerts Consumers To Google Chrome Extensions Malware

Meanwhile, NCC-CSIRT advised that users apply updates per vendor instructions.

The CSIRT is the telecoms sector’s cybersecurity incidence centre set up by the NCC to focus on incidents in the telecoms sector and as they may affect consumers and citizens at large.

RELATED: Danbatta Restates NCC’s Commitment To Broadband, Consumer Protection, Digital Economy

The CSIRT also works collaboratively with ngCERT, established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.