The Nigeria Computer Emergency Response Team (ngCERT) has the mission to achieve a safe, secure and resilient cyberspace in Nigeria that provides opportunities for national prosperity. ngCERT is established to prepare, protect, and secure the Nigerian cyberspace in anticipation of attacks, problems, or events. ngCERT is saddled with the responsibility of reducing the volume of future incidents.
Incident Response Plan
1. What is the incident?
2. Contain the issue immediately
3. Determine the cause of the incident
4. Get rid of the issue
5. Restore service as fast as possible
New Windows Installer Zero-Day Vulnerability. A security researcher discovered and reported a privilege escalation vulnerability in the Windows Installer software component, which was later fixed by Microsoft. The newly discovered variant not only bypasses Microsoft's previous fix but also allows local privilege escalation. As a result, attackers are actively attempting to exploit this newly disclosed variant in order to execute arbitrary code on fully patched systems.
FluBot Malware Targets Androids With Fake Security Updates and App Installations. A newly discovered Android malware, dubbed FluBot, impersonates Android mobile banking applications by overlaying fake webviews on targeted applications. The malware primarily focuses on stealing credit card details and online banking credentials, as well as personal data.
Browser DNS Rebinding Attacks. Cybercriminals have been discovered using a technique known as DNS rebinding to compromise internal networks by abusing web-based consoles. Once a malicious website is loaded in a victim's browser, this method exposes the attack surface of internal web applications to that website. The DNS rebinding attack can use the victim's browser as a proxy to extend the attack surface into private networks.
Russian GRU Global Brute Force Attacks. The Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165, is reported to be conducting a global, anonymized brute force campaign to compromise enterprise and cloud environments. The campaign is reported to be targeting government and foreign organizations, using brute force access to penetrate government and private sector victim networks.
Cellebrite Forensic Software Security Vulnerabilities. Signal's CEO, Marlinspike, after successfully hacking the Cellebrite cellphone hacking and cracking tool, revealed that the software lacks industry-standard exploit mitigation defenses, making it vulnerable to exploitation. This comes after Cellebrite claimed in 2019 that its new tool unlocks almost any iOS and Android device, and in December 2020 that it could easily crack Signal's encryption. Marlinspike accused Cellebrite of making a living from undisclosed vulnerabilities, hence the decision to play it smart with the company by publicly publishing the vulnerability.
Microsoft Exchange Servers Zero-Day Vulnerability. Microsoft has confirmed attacks against Exchange servers aimed at stealing email data and installing malware to gain persistence in the target networks. This attack campaign has been attributed to a China-based hacking group called HAFNIUM, which exploited previously unknown software bugs in Exchange Server to steal sensitive data from select targets. The vulnerability is being actively exploited in the wild by several cyber espionage groups, including LuckyMouse, Tick, and Calypso, targeting servers around the world.
APT Compromise of Orion Platforms. Reports revealed recent compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor, beginning at least as early as March 2020. Removing this threat actor from compromised environments is expected to be highly complex and challenging for organizations, hence the need for proactive action to protect government critical national information infrastructure. The cyber-security firm that identified the large-scale hacking of US government agencies says it "genuinely impacted" around 50 organisations. The US Treasury and the departments of homeland security, state and defence are known to have been targeted. The US has accused Russian intelligence of the cyber intrusion. Several other organisations around the world are understood to have been targeted by hackers using the same network management software.
ReVoLTE Networks Vulnerability. Recently, a group of security researchers discovered a new vulnerability named the ReVoLTE attack. The vulnerability arises because mobile operators often reuse the same encryption key for multiple 4G voice calls that take place through the same base station. This could allow an attacker to recover the encrypted content of a recorded VoLTE call and eavesdrop on the conversation.
Cisco Small Business Routers Vulnerabilities. According to Cisco, several categories of vulnerabilities were discovered across different Cisco routers. These vulnerabilities range from static default credentials to management interface remote command execution, authentication bypass, arbitrary code execution, and privilege escalation.
Multiple Security Vulnerabilities for Adobe Products. Adobe has released updates for multiple Adobe products on Windows, macOS, and Linux. The updates resolve critical out-of-bounds read and write vulnerabilities that could lead to arbitrary code execution and information disclosure.
ngCERT 2nd Advisory on WannaCry/WCry/WCrypt0 Ransomware Worm and Remote Desktop Protocol (RDP) & Server Message Block (SMB) Protocol Vulnerability. The Remote Desktop Protocol (RDP) and a vulnerability in the implementation of the Server Message Block (SMB) protocol in the Microsoft Windows operating system are currently being exploited by a ransomware worm called WannaCry. The worm encrypts all files on an infected computer's hard drive.
Windows 10 Task Scheduler Zero-Day Vulnerability. Microsoft Windows Task Scheduler is a set of Microsoft Windows components that allows for the execution of scheduled tasks. The exploit "functions reliably on 32- and 64-bit Windows 10 platforms, as well as Windows Server 2016 and Windows Server 2019."
The Act provides an effective, unified and comprehensive legal, regulatory and institutional framework for...
"Antiphishing.ng Project is a collaborative effort to create a community driven public repository about phishing that works to build additional tools to benefit the security community at large."
"tunCERT is the National CERT of the Tunisian government under the National Agency for Computer Security. tunCERT is one of the CERTs that graciously partook in pioneering ngCERT."
"FIRST is a recognized global leader in incident response that brings together a variety of computer security incident response teams from government, commercial, and educational organizations."
"Team Cymru was formed in 1998 to learn the "who and why" of malicious Internet activity. This focus on attribution resulted in the uncovering of the "what, when, where, and how" of online malevolence."