Tag Archive for: ncc

NCC urges adoption of two-factor authentication to protect telegram accounts against attack – The Sun Nigeria

/in


From Adanna Nnamani, Abuja

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has advised users to adopt two-factor authentication to protect their Telegram accounts and to avoid downloading unauthorized Advanced IP Scanner Software.

This, the  NCC says is in response to the discovery of a new attack that compromises victims’ VPN (Virtual Private Network) accounts to compromise messaging app, Telegram.

According to a statement from the Commission, Ukrainian cyber experts discovered the attack, which uses Vidar Malware (Vidar Stealer) to steal Telegram session data, which in the absence of configured two-factor authentication and a passcode, allows unauthorized access to the victim’s telegram account and corporate account or network.

“The malware, which exploits unauthorized access to users’ Telegram accounts and corporate accounts to steal data, targets platforms across iOS, Android, Linux, Mac and Windows Operating Systems.

“The Ukrainian CERT alleged that a Somnia Ransomware was created to be used on Telegram that tricks users to download an installer that mimics ‘Advanced IP Scanner’ software, which contains Vidar Malware. The installer infects the system with the Vidar stealer, which steals the victim’s Telegram session data to take control of their account.

“The threat actors abuse the victim’s Telegram account in some unspecified manner to steal VPN connection data (authentication and certificates). If the VPN account is not protected by two-factor authentication passcode, the hackers use it to gain unauthorized access to the victim’s employer’s corporate network”, the alert and advisory states.

“Once inside, the intruders conduct reconnaissance work using tools like Netscan, Rclone, Anydesk, and Ngrok, to perform various surveillance and remote access activities, and then deploy a Cobalt Strike beacon, exfiltrating data using the Rclone program,” the report stated.

“The CSIRT is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large. The CSIRT also works collaboratively with…

Source…

NCC Alerts On Stronger Cyber Security Measures

/in


The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has urged organisations to adopt stronger cyber security measures like ensuring their employees use strong, unique passwords for every account and enabling multi-factor authentication wherever it is supported to prevent ransomware attacks.

The warning was contained in an advisory issued at the weekend by the NCC director of public affairs, Reuben Muoka, even as it advised organisations to ensure regular systems backup.

The advisory came after the Yanluowang threat actors gained access to Cisco’s network using an employee’s stolen credentials after hijacking the employee’s personal Google account containing credentials synced from their browser.

Ransomware is a malware designed to deny a user or organisation access to files on their computer until they pay the attackers. Cisco reported the security incident on its corporate network but said it did not identify any impact on its business although the threat actors had published a list of files from this security incident on the dark web on August 10.

NCC-CSIRT estimated potential damage from the incident to be critical while predicting that successful exploitation of the ransomware will result in ransomware deployment to compromise computer systems, sensitive products and customers’ data theft and exposure, as well as huge financial loss to organisations by incurring significant indirect costs and could also mar their reputations.

The team said; “The first step to preventing ransomware attacks is to ensure that employees are using strong, unique passwords for every account and enabling multi-factor authentication wherever it’s supported.”

It further disclosed that “In response to the attack, Cisco has immediately implemented a company-wide password reset. Users of Cisco products should ensure a successful password reset.“

As a precaution, the company has also created two Clam AntiVirus signatures (Win.Exploit.Kolobko-9950675-0 and Win.Backdoor.Kolobko-9950676-0) to disinfect any potentially compromised assets.

Clam AntiVirus Signatures (or ClamAV) is a multi-platform antimalware toolkit that can detect a wide…

Source…

NCC warns against car hackers, lists ways to stop them

/in


The Nigerian Communications Commission (NCC), in a statement signed by Dr. Ikechukwu Adinde Director, Public Affairs, has said that there is an ongoing cyber-vulnerability system that gives nearby hackers leeway to unlock vehicles, start their engines wirelessly and steal cars.

According to the latest advisory released by the Computer Security Incident Response Team (CSIRT), the cybersecurity centre for the telecom sector established by the NCC, the vulnerability is a Man-in-the-Middle (MitM) attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends them later to unlock the car at will.

The fact that car remotes are categorised as short range devices that make use of radio frequency (RF) to lock and unlock cars informed the need for the Commission to alert the general public on this emergent danger, where hackers take advantage to unlock and start a compromised car.

NCC says in the statement

With this latest type of cyber-attack, it is also possible to manipulate the captured commands and re-transmit them to achieve a different outcome altogether.

NCC warns against car hackers
NCC warns against car hackers (PHOTO: Wardsauto)

“Multiple researchers disclosed a vulnerability, which is said to be used by a nearby attacker to unlock some Honda and Acura car models and start their engines wirelessly. The attack consists of a threat actor capturing the radio frequency (RF) signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system,” the advisory stated.

How to stop the hackers

NCC warns against car hackers

The NCC-CSIRT, in the advisory, has offered some precautionary measures or solutions that can be adopted by car owners to prevent falling victim to the attack.

When affected, the only mitigation is to reset your key fob at the dealership. Besides, the affected car manufacturer may provide a security mechanism that generate fresh codes for each authentication request, this makes it difficult for an attacker to ‘replay’ the codes thereafter. Additionally, vulnerable car…

Source…

Beware, Hackers Can Steal Your Car Through Radio Frequency, NCC Warns Nigerians

/in


Hackers have now found a means to compromise the security of vehicles by unlocking and starting their engines wirelessly with the intention of stealing.

The Nigerian Communications Commission (NCC) disclosed this on Sunday to alert Nigerians on the ongoing cyber-vulnerability.

The regulator explained that car remotes are categorized short range devices that make use of radio frequency (RF) to lock and unlock, hence hackers take advantage to unlock and start a compromised car.

The Computer Security Incident Response Team of the NCC, said, “the vulnerability is a Man-in-the-Middle (MitM) attack or, more specifically, a replay attack in which an attacker intercepts the RF signals normally sent from a remote key fob to the car, manipulates these signals, and re-sends them later to unlock the car at will.

“With this latest type of cyber-attack, it is also possible to manipulate the captured commands and re-transmit them to achieve a different outcome altogether.

“Multiple researchers disclosed a vulnerability, which is said to be used by a nearby attacker to unlock some Honda and Acura car models and start their engines wirelessly.”

It said that the attack consists of a threat actor capturing the radio frequency (RF) signals sent from your key fob to the car and resending these signals to take control of your car’s remote keyless entry system.”

Advising the public, the NCC provided some precautionary measures that can be adopted by car owners to prevent falling victim to the attack.

The NCC said, “When affected, the only mitigation is to reset your key fob at the dealership. Besides, the affected car manufacturer may provide a security mechanism that generate fresh codes for each authentication request, this makes it difficult for an attacker to ‘replay’ the codes thereafter.

“Additionally, vulnerable car users should store their key fobs in signal-blocking ‘Faraday pouches’ when not in use.

“Importantly, car owners in the stated categories are advised to choose Passive Keyless Entry (PKE) as opposed to Remote Keyless Entry (RKE), which would make it harder for an attacker to read the signal due to the fact that criminals would need to be at close proximity…

Source…