Cybervergent, a leading cybersecurity technology company, has released its half-year cyber threat report, highlighting a significant surge in cyberattacks targeting Nigeria’s financial institutions and telecom companies. The report, which covers the period from January to June 2024, reveals that the company detected a staggering 586,130 cyberattacks on the organizations it manages across the country. The findings underscore the growing threat posed by cybercriminals to Nigeria’s digital landscape, with financial institutions and telecom providers being key targets.
Automated Protection and Endpoint Security
Cybervergent’s report details the extent of its efforts to mitigate these threats. Out of the 586,130 attacks identified, the company successfully resolved 226,103 through automated processes, preventing significant damage to the affected organizations. Cybervergent’s sophisticated cybersecurity infrastructure was able to detect, analyze, and respond to these threats in real-time, minimizing disruption. These automated solutions significantly reduced the response time, enabling organizations to continue operations with minimal impact.
In addition, the company managed to protect 19,920 endpoints, ensuring the security of critical devices such as computers, mobile phones, and other network-connected equipment used by the targeted organizations. These endpoints often serve as entry points for cybercriminals, making their protection vital in defending against potential breaches. Cybervergent’s robust endpoint security measures helped prevent attackers from accessing sensitive data or taking control of systems.
Cybervergent’s CEO, Femi Awelewa, emphasized the importance of their proactive approach in defending businesses from evolving cyber threats. “With a deep understanding of the threat landscape and a relentless pursuit of innovative security solutions, we are poised to continue our unwavering defense of the financial sector and other industries’ digital landscape, safeguarding organizations’ trust and confidence in the face of ever-changing cybersecurity challenges,” Awelewa said.
Threat Actors Targeting Nigeria and Insider Threats
The report also sheds light on the key cybercriminal groups targeting Nigeria. Awelewa identified several high-profile threat actors that were active in the first half of 2024. These included notorious groups like Gelsemium, Equation Group, Lyceum, Gamaredon, Circus Spider, Mirage, Common Raven, Bronze Highland, and Earth Krahang. These sophisticated threat actors are known for their ability to exploit vulnerabilities in various sectors, particularly financial institutions, telecom companies, and public services.
Gelsemium, a cyber espionage group, was singled out for its highly targeted attacks on high-profile organizations across multiple sectors. According to Awelewa, this group employs custom malware and advanced techniques to evade detection, making them one of the most dangerous actors on the scene. Their primary targets include public administration, educational services, and entities linked to national security. The sheer scale of Gelsemium’s operations underscores the need for robust cybersecurity measures and constant vigilance.
In addition to external threats, Awelewa emphasized the growing danger of insider threats, which can often be just as damaging as external attacks. He categorized insider threats into three main types: disgruntled employees, accidental insiders, and negligent insiders. Unhappy employees, motivated by anger, financial gain, or personal dissatisfaction, pose a significant risk to organizations, as they can deliberately sabotage systems or leak sensitive information. Accidental insiders, meanwhile, may unwittingly cause harm by making mistakes that cybercriminals can exploit. Negligent insiders, on the other hand, fail to follow proper security protocols, such as sharing their credentials or leaving their devices unsecured, making them easy targets for attackers.
Awelewa advised organizations to implement strict measures, such as staff duty rotation and compulsory leave policies, to mitigate the risk of insider threats. By rotating employees through different roles and ensuring regular breaks, companies can minimize the chances of malicious behavior or accidental security lapses going unnoticed.
The Future of Cybersecurity in Nigeria
As cyberattacks become more sophisticated, Cybervergent’s findings highlight the urgent need for Nigerian organizations to adopt more comprehensive and proactive cybersecurity strategies. The financial and telecommunications sectors, in particular, must continue to invest in advanced security measures to keep pace with the evolving threat landscape. Collaboration between private cybersecurity firms and public institutions will be crucial in developing a unified defense against the growing number of cyberattacks.
Cybervergent’s report serves as a critical wake-up call for businesses and government agencies alike, signaling that while technological advancements bring numerous benefits, they also open new avenues for cybercriminals to exploit. With attackers becoming increasingly resourceful, organizations must remain vigilant, implementing robust cybersecurity frameworks to safeguard their operations and protect sensitive data.
