Nigeria’s growing digital economy faces escalating threats from hackers, prompting the Federal Government to issue at least 33 cyberattack advisories in the past year.
Since July 2023, the Nigeria Computer and Emergency Response Team (ngCERT), the country’s internet police unit under the office of the National Security Adviser (ONSA), has released these advisories to alert Nigerians about new attack methods and vulnerabilities.
International Business Machines Corporation (IBM), a tech innovator, defines cyberattacks as unwelcome attempts to steal, expose, alter, disable, or destroy information by gaining unauthorised access to computer systems.
Of the advisories issued, 22 were in 2024 alone. Three were issued in January, two in February, three in March, five in April, three in May, two in June, and four in July (as of July 12).
Read also: Reliable internet, power crucial for digital economy growth — Chris Wood
The surge in cyberattacks coincides with the COVID-19 pandemic, which accelerated digitisation. The Nigerian Communications Commission (NCC) revealed that monthly internet usage in Nigeria has grown from 125,149.86 terabytes (TB) in December 2019 to 753,388.77 TB in March 2024.
“With increased digitalisation, cybersecurity risks have escalated, necessitating robust protective measures,” stated the National Information Technology Development Agency (NITDA). Check Point Research’s Threat Intelligence Report recently disclosed that Nigerian businesses face about 2,308 attacks across all sectors weekly. According to a report by Kaspersky in June 2023, Nigeria faced the second-highest number of cyberattacks in Africa and the 50th globally.
In 2020, the Federal Bureau of Investigation (FBI) ranked Nigeria as the 16th country worst affected by cybercrime.
“Ransomware attack has suddenly become an addictive profession,” Chris Uwaje, chairman of Mobile Software Solution and a cyber solutions expert, noted in a paper entitled, ‘Nigeria and Cyberworld Vulnerabilities – How do we respond?’
In its July 8 advisory, ngCERT highlighted an increase in ransomware attacks. Ransomware is malware that infects computers (and mobile devices) and restricts their access to files unless a ransom is paid.
Targets include information technology and telecommunication services, with hackers aiming to steal the personal information of individuals and companies served by these firms. Other attacks focus on Android devices, stealing banking credentials and financial information.
A May 27 advisory about Grandoreiro, a multi-component banking trojan, revealed that the malware, which targets over 1,500 banks globally, had infected more than 41 banking applications in Nigeria. “Cybercriminals could use this software to gather sensitive financial data, potentially resulting in financial losses,” ngCERT warned.
Critical infrastructure is also at risk. In August, pro-Nigerien hackers, Anonymous Sudan, attempted to shut down MTN Nigeria’s network in protest against Nigeria’s stance on the coup in the Republic of Niger. Although unsuccessful, the telco experienced some disruptions, according to media reports.
During the 2023 presidential and National Assembly elections, the Federal Government recorded 12.99 million cyberattacks. The attacks occurred between February 24 and 28.
According to the NCC, Nigeria loses about $500 million annually to cybercrime. In 2022, Patricia, a Nigerian crypto platform, reportedly lost about $2 million to hackers.
Cybercrime costs include: data damage and destruction, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption, cost of restoration, and more.
In 2020, the Federal Bureau of Investigation (FBI) ranked Nigeria as the 16th country worst affected by cybercrime.
“This habit (hacking) has grown into a multi-dimensional act of applying magic-bullet tactics to harm the rightful owner/s and cause immense damages and hardships to society,” Uwaje said.
Read also: Cross River to benefit from FG’s $671m creative, digital economy investment
Chukwuemeka Orjiani, chief technology officer of NJALO.NG, noted that Nigeria’s dire economic situation has driven some individuals to cybercrime, making the country a notable source of such activities. According to the World Cybercrime Index, Nigeria ranks fifth globally in cybercrime activities, behind Russia, Ukraine, China, and the United States.
Adesina Sodiya, professor of Computer Science and Information Security at the Federal University of Agriculture, emphasised that cyberattacks are booming and will continue to grow. “Expect more attacks and sophistication. Some of the tools are also available for free,” he said. “These attacks can cause serious financial losses. People are now moving away from physical crimes to cybercrimes.”
Analysts warn that hackers now leverage new technologies, such as artificial intelligence (AI), to perpetrate crimes. The Cyber Security Experts Association of Nigeria predicts that AI will further increase attacks in 2024.
Critics argue that Nigeria is not doing enough to protect its citizens. The ‘CyberCrime (Prohibition, Prevention, etc) Act 2015’ offers an effective, unified, and comprehensive legal, regulatory, and institutional framework for the prohibition, prevention, detection, prosecution, and punishment of cybercrimes in Nigeria.
However, Orjiani, earlier quoted, highlighted that cybersecurity training is outdated in the country’s universities. “We need to be deliberate about building a cybersecurity curriculum. Security agents and banks need to make efforts in this regard to build local capacity,” he said.
Sodiya, earlier quoted, emphasised the need for increased awareness and adoption of multi-stakeholder strategies to combat cybercrime. “We need to involve everyone who can contribute. While some state governments are setting up cybersecurity committees, they are not involving the associations with cybersecurity experts. Banks are boosting their cyber defences, but there should be a platform for banks, financial services, and experts to collaborate.”
As part of steps to combat rising attacks, NITDA recently unveiled plans to reduce cyberattacks in the country by 40 percent by 2027.
Kashifu Inuwa, director-general of the agency, said: “As we digitise, we know that there is a big threat to our cyber security. There are a lot of criminal activities happening in the cyber space so as we build, we need to build with security in mind.”