NITDA warns Nigerians against new email-based attacks

The National Information Technology Development Agency (NITDA), has warned Nigerians about a cyber threat that involves a new email-based attack from Solarwindhackers.

In a statement signed by the Head Cooperate and External Affairs Department, Mrs Hadiza Umar noted that Microsoft, a world-renown multinational technology company uncovered a widespread malicious email campaign undertaken by the hacking group- NOBELIUM and warned Nigerians not to fall for it.

According to NITDA, “The cybercriminals leveraged the legitimate mass-mailing service, to masquerade as a US-based development organisation and distribute malicious URLs to a wide variety of organisations especially government organisations, non-government organizations (NGOs), think-tanks, military, IT service providers, health technology and research, and telecommunications providers.

“Their antics involve the use of emails claiming to be an alert from USAID about new documents published by former President Donald Trump about ‘election fraud.’ Once users click the link in the email, the URL would direct them to the legitimate Constant Contact Service and then redirect to Nobelium-controlled infrastructure through a URL that delivers a malicious ISO file. This, in turn, enables the criminals to execute further malicious objectives, such as lateral movement, data exfiltration and delivery of additional malware.”

The NITDA, therefore, advised Nigerians to be wary of such criminals masquerading as USAID and follow the following recommendations;

“Turn on cloud-delivered protection in Microsoft Defender Antivirus or the equivalent to cover rapidly evolving attacker tools and technique; Run EDR in block mode to enable antivirus to block malicious artefacts (EDR in block mode works behind the scenes to remediate malicious artefacts that are detected post-breach; enable network protection to prevent applications or users from accessing malicious domains and other malicious content on the Internet; enable investigation and remediation in full automated mode to allow antivirus take immediate action on alerts to resolve breaches

“Also use device discovery to increase your visibility into your network by finding unmanaged devices on your network and onboarding them; enable multifactor authentication (MFA) to mitigate compromised credentials; block all Office applications from creating child processes.”

To report an incident, users are advised to contact NITDA CERRT via email support@cerrt.ng or via telephone +2348178774580.