Today's Bulletin: January 23, 2025

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Filter by Categories
Africacom
AfricaCom 2024
AI
Apps
Apps
Banking
Broadcast
CABSAT
Cabsat
Cloud
Column
Content
Corona
DTT
eCommerce
Editorial
Education
Entertainment
Events
Fintech
Fixed
Gitex
Gitex Africa
GSMA Cape Town
Healthcare
IBC
Industry Voices
Infrastructure
IoT
MNVO Nation Africa
Mobile
Mobile Payments
Music
MWC Barcelona
MWC Kigali
News
Opinion Piece
Q&A
Satellite
Security
Software
Startups
Streaming
Technology
TechTalks
TechTalkThursday
Telecoms
Utilities
Video Interview
Follow us

NCC Rolls Out Preventative Measures to Combat ATO Incidents

October 17, 2022
3 min read
Author: Akim Benamara

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) have rolled a series of preventive measures following increased reports of Account Takeover (ATO) incidents to the Nigeria Computer Emergency Response Team (ngCERT).

An advisory from the body on Tuesday described an ATO attack when cybercriminals gain access to a user’s credentials in order to compromise the user’s account, pose numerous risks to the individual and the organization that he or she represents, as it provides a breeding ground for future attacks by cybercriminals, who change the user credentials once inside the account, effectively locking the user out.

Measures prescribed by NCC-CSIRT for mitigating falling victim of an ATO attack applying rules of password complexity when creating passwords and using different passwords for different accounts, which is simplified by usage of password manager.

Other measures are changing passwords periodically, enable Multi-factor authentication (MFA) on all accounts, installing up-to-date effective anti-malware solutions on all devices and keeping abreast of phishing techniques as well as taking preventative measures.

The measures were in response to the trend whereby cybercriminals have devised several methods for obtaining user credentials through methods like phishing, which involves sending malicious emails to targets to trick them into disclosing sensitive information such as login credentials.

They also infect a target device with malware such as a key logger, spyware, or banking Trojan, which allow cybercriminals to gain access to user credentials and use them to take over a user’s account.

Another method of the cybercriminals is the use of brute-force attacks, a method of trial and error in which an automated script is used to guess multiple passwords against an account in the hope of eventually finding one that works. In addition to credential stuffing, when usernames and passwords are leaked in a data breach, cybercriminals will attempt to gain unauthorized access to other accounts with the same username by using the leaked password, because most people use the same password across multiple accounts.

NCC-CSIRT rated the probability of an ATO attack as high with potential for doing critical damage as its implications are numerous. These include cybercriminals that gained access to one’s banking apps using it to transfer money from one’s account. If an employee’s account is compromised, it can also be used to phish within an organization, steal sensitive information from the organization or insert malware into the network.

The CSIRT is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large.

The CSIRT also works collaboratively with ngCERT, established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.

Follow us on LinkedIn

Newsletter signup

Sign up for our weekly newsletter and get the latest industry insights right in your inbox!

Please wait...

Thank you for sign up!