The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has urged organizations to adopt stricter cybersecurity measures, such as ensuring that their employees use strong and unique passwords for every account and enable multi-factor authentication wherever it is supported to prevent ransomware attacks.
The warning was contained in a notice issued last weekend by NCC public affairs director Reuben Muoka, even as he advised organizations to ensure regular backups of systems.
The notice came after threat actors Yanluowang gained access to Cisco’s network using an employee’s stolen credentials after hijacking the employee’s personal Google account containing the synced credentials. from their browser.
Ransomware is malicious software designed to prevent a user or organization from accessing files on their computer until they pay the attackers. Cisco reported the security incident on its corporate network, but said it did not identify any impact to its business, although threat actors posted a list of files from this security incident on the dark web August 10.
The NCC-CSIRT rated the potential damage from the incident as critical while predicting that successful ransomware exploitation will result in the deployment of ransomware to compromise computer systems, sensitive products, and the theft and exposure of data customers, as well as huge financial losses for organizations by incurring significant indirect costs and could also tarnish their reputation.
The team said; “The first step in preventing ransomware attacks is to ensure that employees use strong, unique passwords for each account and to enable multi-factor authentication wherever it is supported.”
He further revealed that “In response to the attack, Cisco immediately implemented a company-wide password reset. Users of Cisco products should ensure that the password reset pass is successful.“
As a precaution, the company has also created two Clam AntiVirus signatures (Win.Exploit.Kolobko-9950675-0 and Win.Backdoor.Kolobko-9950676-0) to disinfect any potentially compromised assets.
Clam AntiVirus Signatures (or ClamAV) is a cross-platform antimalware toolkit capable of detecting a wide range of malware and viruses.
“User education is key to thwarting this type of attack or any similar attacks, including ensuring that employees are aware of the legitimate channels through which support personnel will contact users, so that employees can identify fraudulent attempts to obtain sensitive information. Organizations should ensure regular backup of systems,” the advisory urged.