  • Updated: January 16, 2022

NCC Identifies New Malware Attacking Africa's Telecoms Space Through ‘Infected’ USB


The Nigerian Communications Commission (NCC) has identified a cybercrime group named 'Lyceum' that delivers malware through infected USB drives to target organizational networks.

NCC notified members of the public over the weekend that the new malware revealed by the security experts has been categorised as high-risk and critical in an advisory by the Nigerian Computer Emergency Response Team (ngCERT).

The Iranian hacking group known as Lyceum (also known as Hexane, Siamesekitten, or Spirlin) has been reported to be targeting telecoms, Internet Service Providers (ISPs) and Ministries of Foreign Affairs (MFA) in Africa with upgraded malware in recent politically motivated attacks oriented toward cyberespionage.

The cybercrime group is said to mail out USB thumb drives to many organisations, hoping that the organisations will plug the USB into their personal computers (PCs) and install the ransomware on their network, ngCERT said.

ngCERT said the major target is businesses but the criminals could soon begin to send out the infected USB drives to individuals.

The USB drives are said to contain malware called ‘BadUSB’ attacks. “The BadUSB exploits the USB standard's versatility and allows an attacker to reprogram a USB drive to emulate a keyboard to create keystrokes and commands on a computer.”

“Numerous attack tools are also installed in the process that allow for exploitation of PCs, lateral movement across a network, and installation of additional malware. The tools were used to deploy multiple ransomware strains, including BlackMatter and REvil.”

“The ngCERT noted that the attack has been seen in the US where the USB drives were sent in the mail through the Postal Service and Parcel Service.”

“One type contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning. Other malicious USBs were sent in the post with a gift card claiming to be from Amazon,” NCC said.

To stay safe, NCC stated that ngCERT recommends that individuals and organisations not insert USB drives from unknown sources, even if the drives are addressed to them or their organisation.

“Also, if the USB drive comes from a company or a person one is not familiar with and trusts, it is recommended that one contacts the source to confirm they actually sent the USB drive,” it advised.

Specifically, telecom consumers and the general public are advised to:

Ensure the consistent use of firewalls (software, hardware, and cloud firewalls).

Enable a Web Application Firewall to help detect and prevent attacks coming from web applications by inspecting HTTP traffic.

Install up-to-date antivirus programmes to help detect and prevent a wide range of malware, trojans, and viruses, which APT hackers will use to exploit your system.

Implement the use of Intrusion Prevention Systems that monitor your network.

Create a secure sandboxing environment that allows you to open and run untrusted programs or code without risking harm to your operating system.

Ensure the use of a virtual private network (VPN) to prevent an easy opportunity for APT hackers to gain initial access to your company's network.

Enable spam and malware protection for your email applications, and educate your employees on how to identify potentially malicious emails.
