Monday, 31 October 2016


Every October we celebrate Cyber Security Awareness Month by organising events that aim to raise awareness. This year, the fourth and final week of the month was dedicated to mobile malware: we increasingly depend on mobile devices, and cybercriminals use this to their advantage to get access to information and money, or just to do harm, while also developing a number of threats designed specifically to operate on mobile platforms.

  • Countries organised events aiming to raise cybersecurity awareness
  • Over 140 million records were leaked
  • Fighting back against cybercriminals bore fruit in some countries
  • Cybersecurity discussion was accommodated in many other events

A good number of events happened in October, and cybersecurity was among the key topics discussed during these events – I personally participated and took part in several events across Africa. I’ll discuss a few of them below.

Future-Sat Africa in Ethiopia – among other things, we looked at the rapid growth of mobile usage and the fact that cybercrime is also rising faster here than anywhere else in the world. We strongly advised companies and countries to draw up their telecom threat map and devise appropriate response strategies. Categories of cybersecurity preparedness include legal, tech, organisation, capacity building, and cooperation.

Capacity building in security includes IT security, digital forensics, university courses, and industry-academic cooperation. Satellites provide cyber-resilience and data connectivity backup to millions. Unfortunately, satellites have also become a battleground as countries jam each other’s signals.

AfICTA Summit 2016 in Namibia – with the theme “Internet of Things (IoT) for sustainable development”, the summit accommodated a lengthy discussion about the challenges facing the IoT. The vulnerability of IoT devices, which range from baby monitors to thermostats to high-end refrigerators and coffee makers, is causing a lot of anxiety.

Internet of Things (IoT) devices in people’s homes have been used in many cyberattacks. This has sparked talk about whether manufacturers should include tough anti-hacker features in all of their products.

Cybersecurity Awareness event in Bungoma – Bungoma County organised a special event targeting youth in universities, aiming to raise awareness of cybersecurity matters. Students were taught what cybercrimes are and how to protect themselves against them.

Annual ICT Management and Leadership Conference in Kenya – I also had an opportunity to address delegates on cyber security, where I spoke about ethical hacking (penetration testing) and how we can manage the growing cyber risk. I also touched on the elements of a good and effective awareness program.

On the last day I addressed the latest threats and highlighted the defense mechanisms against ransomware. It is very clear that, for us to stay a step ahead of adversaries, of which there are all too many, federal IT decision makers must step back from their day-to-day routines and prioritize vulnerabilities.

On the other hand, over 140 million records were leaked in October this year (2016), and those are just the ones we know about. However, in terms of data breaches and cyberattacks, it’s been rather quiet, and the majority of records leaked this month have been from breaches that occurred in prior months.

One of the biggest stories this month was the outage of some major sites such as Twitter, Spotify and Reddit. The outage was caused by a massive DDoS attack on Dyn, which is the DNS service that the above sites and many others use. The majority of people who weren’t able to access these sites were based on the east coast of the United States.

The good news is that in October there were a good number of success stories in fighting back against cybercriminals.

CHINA: Two people who illegally traded students’ information in Shanghai were jailed for personal information infringements. The buyer surnamed Wang, a part-time basketball trainer, paid 18,000 Yuan (US$2,658) to the seller, surnamed Lin, for personal information of primary and middle school students around the city. His aim was to entice parents to sign up their children for basketball lessons. Information included students’ names, addresses, birthdates, their parents’ names and phone numbers.

United States (US) & CZECH REPUBLIC: A grand jury has issued a criminal indictment against Yevgeniy Aleksandrovich Nikulin, a 29-year-old Russian accused of hacking LinkedIn, Dropbox and a third web service. The indictment was made public by the U.S. Department of Justice. The federal government has confirmed Nikulin was the Russian citizen arrested in Prague by Czech police.

He was wanted by the FBI in connection with the theft of 117 million LinkedIn passwords and login credentials. LinkedIn had initially claimed that 6.5 million passwords were stolen in the 2012 attack. But in May, the company revealed the theft was actually 117 million.

United Kingdom (UK): Telecoms company TalkTalk has been issued with a record £400,000 fine by the ICO for security failings that allowed a cyberattacker to access customer data “with ease”.

The ICO’s in-depth investigation found that an attack on the company last October could have been prevented if TalkTalk had taken basic steps to protect customers’ information.

ICO investigators found that the cyberattack between 15 and 21 October 2015 took advantage of technical weaknesses in TalkTalk’s systems. The attacker accessed the personal data of 156,959 customers including their names, addresses, dates of birth, phone numbers and email addresses. In 15,656 cases, the attacker also had access to bank account details and sort codes.

INDONESIA: A man arrested for broadcasting pornography on an electronic billboard in the country’s capital gained access to the system after it displayed its log-on credentials.

On Wednesday 5th October 2016 Jakarta Police Chief Muhammad Iriawan said that the suspect, 24-year-old Samudera Al Hakam Ralial, admits he hacked the IT system of the billboard operator but claims that the broadcast of the porn movie was accidental.

Twitter in social media-mad Indonesia was set alight by the incident, which occurred not long after Friday prayers last week in the Muslim-majority country.

Many users posted clips of the billboard as it displayed a Japanese porn movie to passing traffic.

According to Iriawan, Samudera said he didn’t realize a pornographic website he accessed after breaking into the computer system was uploaded to the billboard.

With all that has happened during Cybersecurity Awareness Month 2016, all we need to know is that cybercrime is on the rise and there is a need to step up and react with the same speed as cybercriminals.
