The Osun State Government has issued an urgent warning to the public about a security breach involving one of Governor Ademola Adeleke’s telephone numbers.
Governor’s spokesperson, Olawale Rasheed, made the announcement on Tuesday, July 16, 2024.
Rasheed advised the public to ignore any communications from the compromised number, +234 803 365 7555.
He said, “Please disregard any solicitation from +234 803 365 7555. Appropriate action is ongoing to remedy the situation.
“Authorities are currently investigating the breach and are working diligently to secure the governor’s communication lines.
“The public is urged to remain vigilant and report any suspicious activities to the relevant authorities. Further updates will be provided as the situation develops.”
This comes five months after the Cross River State government issued a similar warning after Governor Bassey Otu’s phone number was hacked too.
Statement from the governor’s chief press secretary, Emmanuel Ogbeche, who confirmed this in February 2024, said the criminals sent out unsolicited messages allegedly from Governor Bassey Otu seeking financial assistance.
The statement advised the public to discountenance such messages.
“The public is pleased advised to disregard any such messages purportedly from the Governor.
“One of the Governor’s mobile numbers was breached by hi-tech criminals in the early hours of Sunday, February 11, 2024.
“The hackers have gone on to utilise the breached number to advance their nefarious activities to try to scam unsuspecting individuals. Please, do not fall to such devious attempt.”
The statement, however, revealed that the hacked number has been secured, and that relevant security agencies are working to apprehend those behind the obnoxious act.
Meanwhile, Nigeria Computer Emergency Response Team (ngCERT) has detected increased ransomware attacks by the Phobos ransomware group, specifically targeting critical cloud service providers in Nigeria.
The body established by the Federal Government to reduce the volume of future computer risk incidents in Nigeria’s cyberspace revealed that the organisations most at risk include providers of information technology and telecommunication services, such as managed cloud services, whose clients include critical government agencies, financial institutions, telecommunications, education, healthcare, service providers, and Non-Governmental Organisations (NGOs) in the country.
According to the Nigerian Communications Commission (NCC), Nigeria has lost $500 million to cybercrime. This is due to the rising incidence of cyberattacks globally and locally. According to reports, a cyberattack occurs every 39 seconds, and cybercrimes have increased by nearly 300 percent since the COVID-19 outbreak.
Different studies have proved that the pandemic led to a surge in Internet usage and created a feasting ground for cyberattacks.
ngCERT highlighted that Phobos attackers enter vulnerable networks through phishing campaigns to deliver hidden payloads or by employing IP scanning tools like Angry IP Scanner to identify susceptible Remote Desktop Protocol (RDP) ports.
It noted that Phobos ransomware modifies firewall configurations, utilises evasion tools like Universal Virus Sniffer and Process Hacker, and employs token theft and privilege escalation techniques through Windows API functions to evade detection. It stated that these hackers deliver unique ransom notes and communicate with victims via email, voice calls, and instant messaging platforms.
The body explained that a successful attack could result in system compromise, ransom payment, data encryption or system lockout, data loss and exfiltration, financial losses, Denial of Service (DoS), and fraudulent activity using compromised systems.
While the body did not name already affected organisations, it stated that it actively collaborates with vulnerable and affected organisations to resolve their incidents and prevent further escalation.
It also listed other recommendations for relevant organisations in an advisory titled, ‘Escalation of Ransomware Attack in Nigeria.’ “It is essential for organisations to proactively implement the mitigation strategies outlined in this document to help prevent the spread of the malware,” ngCERT added.
