While the growth in connectivity and convenience for hundreds of the people in Lesotho are making the life easier, the country is on the other hand facing the risk of being entangled in a web of cyber criminals who put digital interactions under threat from attackers, both sophisticated actors, and highly capable criminal groups, who seek to disrupt and exploit these data flows and their digital ecosystems.
business
Feb. 29, 2020
STAFF REPORTER
6 min read
Malicious and nuisance cyberattacks worry Lesotho
Dr Monyane Moleleki Deputy Prime Minister of Lesotho
This is the observation of Deputy Prime Minister Dr Monyane Moleleki speaking at the first of its kind national cyber security symposium held in Maseru on Friday February 28. He said cyberspace vulnerability has enabled cyber criminals to thrive and some cyber-attacks have reportedly been launched from their territories, by rogue elements in their society.
“This cyber vulnerability is influenced largely by the fact that Lesotho's cyberspace legislation has not been enacted and criminals and corrupt officials exploit it…with this poor cyber security and inadequate legislation, rapid digital growth has created a cybercrime haven in our Kingdom and has scuttled digitalisation and as such, we are not able to reap dividends of digital economy,” he emphasised.
Cyber security is described as a body of technologies, processes and practices designed to protect networks, devices, programs and data from attack, damage or unauthorised access.
Addressing the symposium that was attended by local and international cyber security experts, government officials, cabinet ministers, members of parliament and representatives from higher learning institutions as well as private sector, communications minister Chief Thesele Maseribane said the government of Lesotho needed to fast track implementation of cyber security regulation through training of public servants in general.
Prey, a device management and reactive anti-theft solution company with ten years’ experience in securing multi-OS phones, laptops and tablets, says “a cyberattack is an attack that is mounted against us (meaning our digital devices) by means of cyberspace – a virtual space that doesn’t exist, has become the metaphor to help us understand digital weaponry that intends to harm us. What is real, however, is the intent of the attacker as well as the potential impact. While many cyberattacks are merely nuisances, some are quite serious, even potentially threatening human lives.”
Enjoy our daily newsletter from today
Access exclusive newsletters, along with previews of new media releases.
According to Prey, from infiltrations on infrastructure and data breaches to spear phishing and brute force, online threats are varied and they don’t discriminate organisations from individuals when looking for a target.
“A cyber or cybersecurity threat is a malicious act such as computer viruses, data breaches and denial of service attacks that seeks to damage data, steal data, or disrupt digital life in general. Sadly, they are becoming more and more of a threat in today’s smart world … and they come in three broad categories of intent as attackers are after: financial gain, disruption and/or espionage – including corporate espionage (theft of patents or state espionage),” explains Prey.
Prey lists at least ten common cyber threats:
Malware software that performs a malicious task on a target device or network, e.g. corrupting data or taking over a system; phishing which is an email-borne attack that involves tricking the email recipient into disclosing confidential information or downloading malware by clicking on a hyperlink in the message; spear phishing which is a more sophisticated form of phishing where the attacker learns about the victim and impersonates someone he or she knows and trusts.
There is also ‘man in the middle’ (MitM)attack, where an attacker establishes a position between the sender and recipient of electronic messages and intercepts them, perhaps changing them in transit. The sender and recipient believe they are communicating directly with one another. A MitM attack might be used in the military to confuse an enemy.
The Trojans, named after the Trojan Horse of ancient Greek history – the type of malware that enters a target system looking like one thing, e.g. a standard piece of software, but then lets out the malicious code once inside the host system.
There is an attack that involves encrypting data on the target system and demanding a ransom in exchange for letting the user have access to the data again – ransomware, which range from low-level nuisances to serious incidents like the locking down of the entire city of Atlanta’s municipal government data in 2018.
Denial of service attack or distributed denial of service attack (DDoS) is where an attacker takes over many (perhaps thousands) of devices and uses them to invoke the functions of a target system, e.g. a website, causing it to crash from an overload of demand.
Attacks on IoT Devices, like industrial sensors, are vulnerable to multiple types of cyber threats, which include hackers taking over the device to make it part of a DDoS attack and unauthorised access to data being collected by the device. Given their numbers, geographic distribution and frequently out-of-date operating systems, IoT devices are a prime target for malicious actors.
Data breach is a theft of data by a malicious actor. Motives for data breaches include crime (i.e. identity theft), a desire to embarrass an institution (e.g. Edward Snowden or the DNC hack) and espionage.
There is also malware on mobile apps. Mobile devices are vulnerable to malware attacks just like other computing hardware. Attackers may embed malware in app downloads, mobile websites or phishing emails and text messages. Once compromised, a mobile device can give the malicious actor access to personal information, location data, financial accounts and more.
Dr Moleleki revealed that the recent report by the World Bank titled ‘Lesotho Digital Diagnostic’ depicted that the potential of digital economy is way underutilised due to lack of legislation that protects activities in the cyber space.
One of the cybersecurity experts at the symposium Nick Keen from Microsoft advices that it is important to protect one’s identity by changing passwords regularly as well as using finger prints because hackers are able to get such information to get crucial information.
According to Professor Kiru Pillay, cybercrime and cyber bullying expert from the University of Witwatersrand, cyber security is the practice of defending computers, networks and data from malicious attacks.
“It is very wise for the country to have tight cyber security because cybercrimes are not restricted, a person can hack from anywhere not only in his country,” he warned, adding that Lesotho rated at 28% cybercrime penetrability through social media and through dark which consists of illegal information, drugs and fake news.
The local cyber security expert from the National University of Lesotho (NUL) Napo Mosola, said despite the importance and urgency of every country, Lesotho included, of protecting its national data and that of individuals, the country still does not have adequate regulatory framework to support cyber security and there is also lack of public awareness about cybercrimes.
“It would be ideal to start cyber security training from as early as primary level. Civil servants and private sector should be given training on cybercrime and cyber security as soon as possible,” he said.
Chief Maseribane said there was an urgent need for the government of Lesotho to strengthen its cyber systems, applications and cyber security by putting in place the best practices copying from other governments from the region and globally.
According to Irene Mutiz Ruiz’s contribution to the Stanford University management science and engineering’s recent study on the cyber security challenges that the developing countries are experiencing, cyber security is a big challenge in developing countries.
She wrote: “Developed countries have started exploiting the vulnerabilities of cyberspace to gain supremacy and influence over their rivals. To be able to use the cyberspace, the developing countries rely on the products made by the western world and what is more important is that they use the technology developed by the same countries to protect their information.”
According to Ms Ruitz since the beginning of this century “we have been facing a new type of conflict worldwide which is the control of cyberspace. The main dilemma being faced in cyberspace is lack of universal understanding of definitions, norms, values, rules, regulations and laws on the use of the internet in general and the prosecution of criminals in particular.”