Red Alert Over Cyber Attacks

The state policy bank, the Development Bank of Ethiopia (DBE), is among the companies whose websites were put out of action for more than a month by malware, malicious software that damages or disables computers and computer systems. The damage was an embarrassment for customers, who could not access the website to get information. The incident, which disrupted the Bank's work, strained its relationship with its customers for a while.

“We were forced to quit using the website for weeks,” said the head of the Information Technology (IT) department at DBE. “It arose from ignorance.”

The website attack occurred while DBE’s IT expert was transferring a file from a USB disk to the Bank’s computer. Malware infections of this kind are mostly set up by IT technicians and hackers who intend to damage a computer system in order to disrupt a workflow or steal data. The malware that attacked DBE originated online, even though it reached the website through a USB disk.

“Malware easily transfers from one computer to another through USB disks and networks,” said Filmon Tekele, an IT expert, who has a decade of experience in the area.

Besides the easily transferable nature of malware, lack of IT literacy and carelessness among computer users contribute to its spread. The head of the IT department at DBE, for instance, was not sure that the Bank’s website was infected with malware. He initially thought it was a routine problem that could happen with any computer in any institution. However, an expert who checked the problem found that the crash of the website was an instance of a cyber attack.

It also appears that computer networks with weak security systems are more exposed to cyber attacks.

“Yes, this denial of service is a risk that comes with a weak security system as is observed in most of the financial or whatever institutions,” explained an anonymous IT expert who spotted DBE’s website blackout.

Denial of service, hacking and defacement of private and government websites are not unusual incidents in Ethiopia. The attack on the Ministry of Defence’s website last December was among the shocking acts of cyber vandalism. It was a chance incident set off by random hackers who have not been traced to date.

Needless to say, the websites of many public institutions, including Dire Dawa University, the Ministry of Education, the Pharmaceuticals Fund & Supply Agency, the Ministry of Finance & Economic Cooperation, and Commercial Nominees Plc, were attacked during the political unrest, particularly in Oromia and subsequently in Amhara regional states, nine months ago.

Ever since the advent of digitalisation, the value of data has been growing astonishingly everywhere in the world. Information and data have become precious assets to organisations and businesses. This has invited a great many cyber attacks. In response, as companies and governments have to protect themselves from such exposure, a lot of research has been carried out to come up with sophisticated cyber security innovations to counteract attacks and ensure safe operation in an ever more digitalised community.

Nevertheless, malicious attacks that go undefeated are frequently in the news. A year ago, a local newspaper that has been in the market for two decades came under attack by anonymous hackers.

“Our website was not accessible for two days since it was hacked by unknown groups associated with Pakistan,” said the Editor-in-Chief of the newspaper. The local newspaper had to spend over 50,000 Br to retrieve the website.

Studies show that cyber security depends on the behaviour of users, and indicate that an enormous number of cyber attacks globally are caused by users’ behavioural limitations. A report produced five years ago by Verizon Data Breach Investigations reveals that about 96pc of cyber attacks are easily reversible using good practices.

A member of the Cyber Defence, Readiness & Response Team at the Information Network Security Agency (INSA) agrees with the finding of the investigation.

“Similar website defacements occur every day,” the team member said, adding that, “since sites are quickly built, they are not up to the standard and capable enough to resist attacks.”

Recently, with the arrival of the WannaCry malware, many countries in the world have come under the risk of cyber attacks. Over the past three weeks, many municipalities and citizens have fallen prey to cyber attacks that began hitting targets worldwide.

As first identified by the Russian cyber security firm Kaspersky Labs, the Russian telecom giant was one of the primary targets of the malicious virus. First appearing on May 11, 2016, WannaCry attacked over 300,000 machines in two days alone, with a large-scale attack on Russia’s telecommunications infrastructure.

The virus exploits a vulnerability in Windows operating systems, such as Windows XP, Windows 7, Vista, Windows 8 and Windows 10, to encrypt files without the authorisation of users, said the INSA cyber defence team member.

Also known as “WannaCrypt” and “WannaDecrypt”, WannaCry encrypts a computer’s documents, music, pictures, and all other files, making them inaccessible to the victim. It then holds the files hostage until the victim pays a ransom of 300 dollars to regain them. If payment is not made within three days, the ransom doubles to 600 dollars.

The WannaCry malware was initially built from a cyber weapon developed by US National Security. This weapon, among others, was stolen by Shadow Brokers, a group of hackers who gave it to the creators of the WannaCry ransomware, according to CNN.

Many cyber security companies, including Kaspersky and Symantec, attributed the origin of the malware to a hacking operation linked to the controversial state of North Korea. A code similarity revealed five days after the emergence of WannaCry has, according to CNN, raised a red flag over North Korea’s involvement in the case.

The unprecedented WannaCry attack has affected 200,000 systems in more than 150 countries, including Ethiopia. European countries bore the brunt of the malware. British hospitals, Spanish telecoms, France’s Renault and the German railway were amongst those forced to suspend services for a while after the malware attack.

Malware attacks of this kind are not unique to Ethiopia. Merima Mohammed, who requested that her name be changed, is among the victims of malware viruses. After her computer was attacked, she was asked by the unidentified hackers to pay a ransom to get her files back.

“It was so puzzling for me to be attacked by such a virus. I have not seen such things except in movies,” Merima told the Reporter, a local weekly newspaper, at the time she was attacked by the virus. She had never thought she would be the target of a cyber attack.

Although Merima had an encounter with a malware virus half a year ago, the recent similar attacks coming from the infamous WannaCry were scary for her. It is, in fact, the biggest malware attack in the history of digitalisation, according to experts.

Her computer was hit by the virus twice while she was browsing the Internet. In both instances, the virus froze the system and the files on her computer. Following that, a window with a dialogue box asked her to pay 500 dollars to unlock her computer.

To make matters worse, payment is only accepted in Bitcoin, a cryptocurrency and digital payment system used for online transactions. The WannaCry malware also tells users bluntly: “maybe you’re busy looking for a way to recover your files but do not waste your time, nobody can recover without our decryption services.”

When Merima’s computer was attacked for the second time, she was curious to know whether there was a way to pay the ransom or not. Fortunately, due to the unavailability of an electronic payment system in Ethiopia, she did not send the money to the unknown vandals.

“I was not able to pay the requested ransom for the lack of access to an online system even if I was capable of paying the 500 dollars,” added Merima, whose computer was finally fixed after being formatted.

After observing similar attacks, the state cyber guard, INSA, urged individuals and institutions to be cautious and protect themselves from malware.

About 256 of the attacks in Ethiopia have targeted key public organisations such as telecommunications infrastructure, the financial sector and the railway system, not to mention the thousands of attempts on others every day.

“The attack would have been irreversible and unbearable if our team had not controlled it,” said the cyber army member of INSA.

Filmon believes an aggressive awareness campaign can help to prevent malware attacks, or at least minimise the extent of the destruction they cause in the country.

