By Modupe Gbadeyanka

Interswitch has thrown its full weight behind the 2021 Annual Committee of e-Business Industry Heads (CeBIH) retreat as part of its commitment to champion the epayments ecosystem growth.

This is the fifth consecutive year the leading integrated payments and digital commerce company is sponsoring the programme, which is a platform through which the committee examines key innovations in the payment industry over the past year and discuss insights and trend for the coming year.

This year’s retreat is slated to hold on December 2 and 3, 2021, in Abeokuta, Ogun State and would be attended by various stakeholders in the sector.

The 2021 Annual CeBIH Retreat tagged Innovative Digital Banking will focus on issues around the growth of digital payments in Nigeria and how technological innovations such as digital currencies, blockchain, 5G network, contactless payments, among others, will dominate the payment industry in the coming years.

Interswitch as a key industry stakeholder will be instrumental in spearheading these discussions, especially with its recent efforts around blockchain technology and other solutions around contactless payments.

The digital payment company has been an ardent supporter of the committee and its objectives, underpinned by a shared objective of enabling further development of the digital payments ecosystem in Nigeria.

This sponsorship highlights its interest in fostering deeper collaboration between banks and fintechs within the industry ecosystem.

Speaking on the forthcoming retreat, Mr Akeem Lawal, Managing Director for Transaction Switching & Payment Processing at Interswitch reiterated the importance of Interswitch’s participation in industry events such as the CeBIH Retreat, where critical issues, trends and analysis around the payment ecosystem are discussed.

He described the retreat as a necessity for industry players to assess the current state of things and make calculable projections for the future, with the aim to improve and deepen Nigeria’s payment system.

“This retreat remains important for stakeholders in the payment industry and offers an opportunity for Interswitch to be introspective about the steps taken to improve the payment system in Nigeria and in Africa as a whole,” Mr Lawal said.

“We at Interswitch remain committed to supporting and participating at platforms that share our vision to drive greater financial inclusion and prosperity across Nigeria and the Africa continent.

“Platforms such as the CeBIH annual retreat provide Interswitch and other industry players the impetus to engage with key stakeholders and collaborators from the banking system with a view towards improving our offerings to our customers viz-a-viz market demands, global trends and insights from the operating environment,” he added.

By Adedapo Adesanya

Cyber threats in Nigeria in 2021 depreciated by 7.5 per cent, according to the latest research by Kaspersky.

This dramatic change in the threat landscape is coming at a time regular and self-propagating malware is decreasing dramatically, as it is no longer effective and cannot fly under security radars.

Security researchers at Kaspersky noticed that Kenya recorded the highest decline with an unprecedented 28.6 per cent, while South Africa saw a 12 per cent decrease.

The reason for such a change was the introduction and popularisation of new cybercrime models in the region, with cybercrime tools becoming more targeted along with a long-running trend where malware creators rely not on the technical advantage of their technologies over security protection, but on the human factor.

The cybersecurity firm noted that this has stimulated the evolution of phishing schemes in 2021. In particular, the region saw a wave of ‘Anomalous’ spyware attacks.

The usual phishing spyware attack begins when attackers infect a victim by sending them an e-mail with a malicious attachment or a link to a compromised website and ends when the spyware is downloaded and activated on the victim’s device.

Having gathered all necessary data, the operator usually ends the operation by attempting to leave the infected system unnoticed. In anomalous attacks, however, the victim’s device becomes not only a source of data but also a tool for spyware distribution.

Having access to the victim’s email server, the malware operators use it to send phishing emails from a legitimate company’s email address. In this case, anomalous spyware attacks an organisation’s server for collecting stolen data from another organisation and sending further phishing emails.

Speaking on this, Maria Garnaeva, Senior Security Researcher at Kaspersky ICS CERT team, “The Anomalous spyware attacks have a huge potential for growth in South Africa, Kenya and Nigeria in 2022, because unlike regular spyware the entry-level for attackers who wish to employ this tactic is significantly lower – since instead of paying for their own infrastructure, they abuse and employ the victims’ resources.

“We see that cheaper attack methods have always been on the rise in the region and cybercriminals quickly pick up on new tactics. Kaspersky, therefore, suggests that in the nearest future, these countries should be prepared for such attacks.”

She explained that the mass scale attacks are not disappearing, but rather transforming with the scheme usually following a style where a user searches for a free version of an extremely popular legitimate spyware and the cybercriminals offer them a fake installer using ‘black SEO technic’ – the abuse of the legitimate search engines, resulting in the offering of the fraudulent websites first.

As a result of software installer execution, a few dozen malware samples are downloaded and installed with the goal of turning the infected devices into a part of the Glupteba botnet.

The whole fake installers campaign and botnet have been extremely active in South Africa in 2021 and continue to evolve, yet it is scarcely researched.

“While the Glupteba botnet seems to be a threat for consumers, we are still researching it and keeping an eye on its behaviour, since some distributed malware resembles APT-related samples like Lazarus APT groups and were recently used in the largest DDoS attack in Russia. It is too early to say it with a high level of confidence, but these factors may suggest that we are now entering the era where APT actors start to use existing malware distribution platforms which makes attribution of such attacks harder and opens a new vector similar to supply chain attacks,” added Ms Garnaeva.

Recommendations from Kaspersky

In order to stay protected from such new cybercrime models and threats, Kaspersky recommends the following:

– Pay close attention to and don’t open any suspicious files or attachments received from unknown sources.

– Do not download and install applications from untrusted sources.

– Do not click on any links received from unknown sources and suspicious online advertisements.

– Create strong passwords and don’t forget to change them regularly.

– Always install updates. Some of them may contain critical security issues fixes.

– Ignore messages asking to disable security systems for office software or antivirus software.

– Use a robust security solution appropriate to your system type and devices, such as Kaspersky Internet Security.

By Modupe Gbadeyanka

The COVID-19 crisis did not only create a global health crisis but also a cyber-crime pandemic, the Acting Chief Risk Officer, Enterprise Risk Management at the Nigerian Exchange (NGX), Mrs Oluyemi Obadare, has submitted.

The cyber expert said this at the 9th edition of the Nigerian Capital Market Information Security Forum (NCMISF) organised by the exchange.

The event themed Navigating the Post-Pandemic Cyber Security Imperatives was held on Tuesday, November 23, 2021, and it had in attendance leading industry data privacy and security experts and capital market stakeholders.

The participants virtually shared actionable information and ideas on post-pandemic effects, survival strategies and optimal pathways for the capital market and the ecosystem at large.

Participants also had the opportunity to get a deeper understanding of present and developing trends in information security through case study presentations ranging from building resilience against ransomware, managing third-party risk in a digital world; and securing one’s online presence.

To shed light on these issues, the following topics were treated, Building Resilience Against Ransomware by John Anyanwu, Partner, Cyber & Privacy, KPMG; Managing Third-Party Risk in a Digital World by Chika Nwachukwu, Manager, Digital Risk and Cybersecurity, PwC; Information Security at Meristem Stockbrokers by Oladotun Olorunyomi, Head, IT, Meristem Stockbrokers Limited; and Securing Your Online Presence by Uwa Agbonile, CEO & Chief Software Architect, InfoWARE Limited.

In her opening remarks, Mrs Obadare noted that, “The coronavirus has accelerated a second digital revolution not seen since the dot-com boom of the early 2000s.

“Likewise, it has made criminal minds increasingly motivated to innovate and digitize their attacks, as there has been an increased demand for information online.

“COVID-19 did not only cause a health pandemic, but a cyber-crime pandemic too and the potential impacts are here to stay. NGX has, therefore, provide a platform for professionals and subject matter experts in the Information technology and financial industry to collaborate and share ideas on information security best practices.”

NGX continues to uphold information security best practices evidenced by its ISO 27001:2013 certification for the 8th year running. This could not have been achieved without an intentional and deliberate approach to cybersecurity.