Cybercrime shoots up during the Covid-19 lockdown
By Dan Ayebare
Joseph Sebandeke, 23, a student at Makerere Business Institute recently sent me an internet link to what he claimed was a money making venture. He had been introduced to it by another friend who convinced him he would earn a simple living from the ‘business’ even without investing. This was after he confided in him about his financial struggles due to the Covid 19 lockdown.
Keep Reading
“My brother try out this business I am doing. I have always been reluctant to do online businesses but these times are hard. We need to keep afloat,” Sebandeke cunningly tried to convince me over the phone.
My efforts to change his mind over what I suspected was a scam fell on deaf ears as he retorted and remarked that ‘desperate times call for desperate measures’.
According to Cosmas Wamala, a CyberOps analyst, such vulnerable targets have been exploited by scammers and hackers since the Covid 19 pandemic forced the entire world into a lockdown.
“Many people have multiplied internet usage for work and majorly entertainment while ignorant of the fact that the rate of cybercrime has shot up just like the pandemic. Increase in cybercrimes may be because most people are working from home and therefore may not have the same level of security controls over their networks like at their workplaces.” says Wamala.
The most common cybercrimes have been financial targets on online banking applications and fake news websites that claim to be tracking Covid 19 cases in real time hence attracting several unsuspecting users.
The National Information Technology Authority-Uganda (NITA-U), an autonomous statutory body established under the NITA-U Act 2009 to coordinate and regulate Information Technology including matters relating to cyber security in Uganda is aware of the increase in cyber-crime according to Emmanuel Mugabi the Information Security Operations Manager at the authority.
Mugabi says that due to the fact that most organisations have staff that are working remotely from their homes while accessing systems in their offices, cyber criminals have taken this as an opportunity to attempt unauthorized access by attempting to hack into systems used to provide the remote access.
Mugabi also says web conferencing attacks have also increased due to the increased usage of applications like Zoom and Skype during this COVID-19 lockdown.
“In most cases, this has resulted into hundreds of downloading applications with few understanding how to securely use them. As such, unauthorized people attend such meetings with the aim of disrupting operations or listening in to conversations,” says Mugabi.
NITA-U operates the National Computer Emergency Response Team and Coordination Center (CERT.UG/CC) which frequently provides alerts to organisations.
Mugabi says NITA-U urges organisations to follow updates on the CERT.UG/CC (www.cert.ug) website. He says NITA-U also runs several advisories and awareness online using social media and the media.
Cyber-attacks continue to shoot up globally as the World Health Organization in April disclosed that 450 of their active email addresses and passwords were leaked online amid a big overall increase in attacks directed at its staff. The others allegedly included the Gates Foundation, the US Centres for Disease Control and Prevention (CDC) and the National Institutes of Health, according to the Washington Post.
The BBC on Tuesday reported that scammers are sending 18 million hoax emails about Covid-19 to Gmail users every day. The tech giant says the pandemic has led to an explosion of phishing attacks in which criminals try to trick users into revealing personal data. The company said it was blocking more than 100 million phishing emails a day. Over the past week, almost a fifth were scam emails related to coronavirus.
EasyJet, a British airline group on the same day admitted that a "highly sophisticated cyber-attack" had affected approximately nine million customers. It said email addresses and travel details had been stolen and that 2,208 customers had also had their credit card details "accessed" also as reported by BBC.
Reports indicate that numerous security vendors have reported a massive increase in phishing and other scams by attackers trying to exploit the global concerns around the pandemic to steal credentials, plant malware, and cause other mayhem. In many cases, adversaries have established malware-laden fake domains designed to take advantage of people looking for information related to the pandemic.
In 2016 through collaboration with the Commonwealth Telecommunications organisation, the global cyber security Capacity centre facilitated an assessment of cyber security capacity of Uganda and it was deemed almost all dimensions in regard to cyber security are at a start-up level and lacking. In 2018, Uganda was ranked as the most secure cyberspace in Africa by the global National Cyber security index though.
The report noted that the one of the challenges of curbing cyber-crime in Uganda, the government has no centralised budget specifically to fight cyber criminals. Every ministry allocates its budget separately depending on previous experiences and their future plan.
It also stipulates that the private sector lacks awareness on cybercrime and much of the society though aware is inconsistent in observing safety measures.
The law and national response team:
Uganda has several legislations in place, which address internet misuse. These are the computer misuse act 2011, the Electronic signatures act 2011, the electronic transaction act 2011, Electronic misuse act and the data protection and privacy act 2019.
The Computer Emergency Response team also ensures the protection of the nation’s critical information structures, assist in drafting the overall plan on the country’s approach to cyber security related issues.
Basic cybercrime internet user prevention tips:
Do not click on unknown links.
Do not open suspicious attachments or emails as it could be a malware to infect your computer ans system.
Update your systems with the latest updates from the vendor..
Report suspicious incidents via info@cert.ug
