The Nigerian Communications Commission's Computer Security Incident Response Team (NCC-CSIRT) has rolled out a series of preventive measures following increased reports of Account Takeover (ATO) incidents to the Nigeria Computer Emergency Response Team (ngCERT).
An advisory from the body on Tuesday described an ATO attack as one in which cybercriminals gain access to a user's credentials in order to compromise the user's account. Such an attack poses numerous risks to the individual and to the organization he or she represents, as it provides a breeding ground for future attacks by cybercriminals, who change the user's credentials once inside the account, effectively locking the user out.
Measures prescribed by NCC-CSIRT to avoid falling victim to an ATO attack include applying rules of password complexity when creating passwords and using different passwords for different accounts, which is made simpler by using a password manager.
Other measures are changing passwords periodically, enabling multi-factor authentication (MFA) on all accounts, installing up-to-date and effective anti-malware solutions on all devices, and keeping abreast of phishing techniques as well as taking preventive measures against them.
The measures respond to a trend in which cybercriminals have devised several methods for obtaining user credentials. One is phishing, which involves sending malicious emails to targets to trick them into disclosing sensitive information such as login credentials.
They also infect a target's device with malware such as a keylogger, spyware or a banking Trojan, which allows cybercriminals to capture user credentials and use them to take over the user's account.
Another method is the brute-force attack, a trial-and-error approach in which an automated script guesses many passwords against an account in the hope of eventually finding one that works. A related method is credential stuffing: when usernames and passwords are leaked in a data breach, cybercriminals attempt to gain unauthorized access to other accounts with the same username by using the leaked password, because most people reuse the same password across multiple accounts.
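The two automated techniques just described leave distinguishable traces in authentication logs: brute force piles failures onto one account, while credential stuffing spreads single attempts across many usernames from one source. The following Python is added here as an illustration and is not part of the NCC-CSIRT advisory; it runs a simple sliding-window detection over a constructed sample log, and the log format, thresholds and addresses are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not real data); one attempt per line: "timestamp src_ip username result".
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.5 alice FAIL
2024-05-01T10:00:02 203.0.113.5 alice FAIL
2024-05-01T10:00:03 203.0.113.5 alice FAIL
2024-05-01T10:00:04 203.0.113.5 alice FAIL
2024-05-01T10:00:05 203.0.113.5 alice FAIL
2024-05-01T10:05:00 198.51.100.7 bob FAIL
2024-05-01T10:05:01 198.51.100.7 carol FAIL
2024-05-01T10:05:02 198.51.100.7 dave FAIL
2024-05-01T10:05:03 198.51.100.7 erin FAIL
2024-05-01T10:05:04 198.51.100.7 frank SUCCESS
2024-05-01T10:20:00 192.0.2.9 grace FAIL
2024-05-01T10:20:30 192.0.2.9 grace SUCCESS
"""

def parse_log(text):
    """Turn log lines into (timestamp, src_ip, username, result) tuples."""
    return [(datetime.fromisoformat(t), ip, u, r)
            for t, ip, u, r in (line.split() for line in text.strip().splitlines())]

def _flag(events, group_key, measure, threshold, window):
    """Flag a group when `measure` over some sliding time window of its events reaches threshold."""
    groups = defaultdict(list)
    for ev in events:
        groups[group_key(ev)].append(ev)
    flagged = set()
    for key, evs in groups.items():
        evs.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # shrink window from the left
                start += 1
            if measure(evs[start:end + 1]) >= threshold:
                flagged.add(key)
                break
    return flagged

def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Brute force: many failed guesses against one account in a short time."""
    return _flag(events, lambda e: e[2],
                 lambda w: sum(1 for e in w if e[3] == "FAIL"), threshold, window)

def detect_credential_stuffing(events, threshold=5, window=timedelta(minutes=5)):
    """Credential stuffing: one source trying many distinct usernames, about once each."""
    return _flag(events, lambda e: e[1], lambda w: len({e[2] for e in w}), threshold, window)
```

On the sample, `detect_brute_force` flags only `alice` and `detect_credential_stuffing` flags only `198.51.100.7`; the single mistyped password from `grace` stays below both thresholds.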
NCC-CSIRT rated the probability of an ATO attack as high, with the potential to do critical damage, as its implications are numerous. These include a cybercriminal who gains access to one's banking app using it to transfer money out of one's account. If an employee's account is compromised, it can also be used to phish within the organization, steal sensitive information from the organization or insert malware into its network.