By Amos Safo

The recent disruption of the services of Electricity Company of Ghana (ECG) due to the failure of its internet and technology systems could be a timely warning for Ghanaian companies, especially those whose operations largely depend on IT systems.

What happened to ECG (which led to the near collapse of services) should reawaken our consciousness about the reality of cyber hacking. Within one week of the disruption of the internet services, many businesses, including small-scale ones that depend on electricity, suffered operational setbacks. This gives cause for both private and public sector organisations to make their IT systems robust. In fact, terrorism has moved from ship jacking, piracy, kidnapping and contract killing to cyber hijacking and espionage. A cyber-attack happens when a third party gains unauthorized access to a system or network.

Cyber-attacks have several negative effects. When an attack is executed, it can lead to data breaches, resulting in data loss or data manipulation. Besides, organizations incur financial losses, customer trust is hampered, and there is reputational damage. ECG suffered some or all of these negative effects within the few days it suffered the disruption. In fact, if ECG had competitors, its brand would have suffered reputational damage in favour of its competitors. For better or for worse, ECG is currently a monopoly, though it is operating as a public company. Some theories suggest that what hit the power supplier could be an insider attack, perhaps to resist the efficient measures the new managing director and his team have put in place to resuscitate the company’s efficiency and prudent resource management. Other theorists suggest that a political agenda to create a semblance of ‘dumsor’ ahead of the 2024 elections could be the motivation. Whatever the case, it is a timely warning to all organisations to be alert to potential cyber-attacks.

Types of cyber attacks

According to experts, the different types of cyber-attacks are malware attack, password attack, phishing attack, and SQL injection attack.

Malware Attack

A malware attack is one of the most common types of cyberattacks. “Malware” refers to malicious software, including viruses, worms, spyware, ransomware, adware, and trojans. The trojan virus disguises itself as legitimate software. Ransomware blocks access to the network’s key components, whereas spyware is software that steals confidential data without the owner’s knowledge. Adware is software that displays advertising content such as banners on a user’s screen. Malware breaches a network through a vulnerability, such as when the user clicks a dangerous link, downloads an email attachment, or uses an infected pen drive.

Phishing Attack

Phishing attacks are some of the most prominent and widespread types of cyberattacks. Phishing is a type of social engineering attack wherein an attacker poses as a trusted contact and sends the victim fake emails. Unaware of this, the victim opens the email and clicks on the malicious link or opens the attachment. By doing so, the victim gives attackers access to confidential information and account credentials. Attackers can also install malware through a phishing attack.

Password Attack

It is the commonest form of attack wherein a hacker cracks a password with various programs, using password cracking tools like Aircrack, Cain, Abel, John the Ripper, Hashcat, etc. There are different types of password attacks like brute force attacks, dictionary attacks, and keylogger attacks.

Man-in-the-Middle attack

A Man-in-the-Middle Attack (MITM) is also known as an eavesdropping attack. In this attack, an attacker comes in between two communicating parties. Technically, the attacker hijacks the session between a client and host. By doing so, hackers steal and manipulate data. This is common in Ghana with mobile money fraud, where criminals intercept mobile money transactions and empty their victims’ wallets within seconds.

Denial-of-Service Attack

A Denial-of-Service Attack is a significant threat to many companies. Using this strategy, criminals target systems, servers, or networks and flood them with traffic to exhaust their resources and bandwidth. When this happens, responding to the incoming requests becomes overwhelming for the servers, causing the websites they host to either shut down or slow down. This leaves legitimate service requests unattended. If indeed ECG suffered a cyberattack, this could have been one of the strategies the hackers used, knowing ECG mainly uses websites and bandwidth for most of its operations.

Insider threat

Perhaps, of all the threats to businesses, the ‘insider threat’ is the most dangerous. As the name suggests, an insider threat does not involve a third party but an insider. In such a case, it could be an individual from within the organization who knows everything about the organization and can cause tremendous damage. I have already alluded to the possibility that ECG may have suffered an insider attack, judging from the scale of the disruption. Reasons for an insider attack are many; it can be greed, malice, anger against management policy or internal control measures, or even carelessness. Insider threats are hard to predict and hence very tricky. To curb insider attacks, management of organisations should have a good culture of security awareness, build team spirit, foster open communication and create a sense of belonging. In addition, companies must limit the IT resources staff can access, depending on their job roles. Also, organizations must train and motivate essential employees to detect and report insider threats.

Zero-Day Exploit

A Zero-Day Exploit happens after an organisation announces a breakdown in its network and operational systems. This happens when the vendor announces the vulnerability and has to inform its customers; however, this news also reaches the attackers. While the vendor or the developer could take some time to fix the problem, the attackers target the disclosed vulnerability. This means it is sometimes prudent for organisations to be circumspect about the scale of disclosure of information about their operations to the public. To curb this, organizations should use management solutions to automate the procedures. Besides, organisations should have a well-planned incident response strategy to help deal with a cyberattack.

Watering hole attack

In such an attack, the attacker targets websites which are frequently used by the targeted group. Websites are identified either by closely monitoring the group or by guessing. The malware in such an attack targets the user’s personal information and sometimes gains remote access to the infected computer. After this, the attackers infect these websites with malware, which infects the victims’ systems and, to a large extent, the organisation’s systems.

Measures against attacks

Imminent cyber-attacks call for regularly updating software to reduce the risk of an attacker exploiting vulnerabilities. Checking for security patches should be done regularly. It is also advisable to conceal online activities by using a VPN. A VPN delivers a secure connection to another network over the Internet and acts as a shield for browsing activity.

Besides, users of IT systems should regularly change passwords, using strong alphanumeric passwords which are difficult to crack. However, experts advise that users should refrain from using passwords so complicated that they can forget them. Also, companies and individuals need to update both operating systems and applications regularly, as this is a primary prevention method for a planned cyber-attack.

Above all, experts advise that we regularly back up our data. According to many security professionals, it is ideal to have three copies of all data on two different media types and another copy in an off-site location (cloud storage). This insulates organisations in the course of a cyberattack. In fact, the ECG service disruption raised many questions about whether Ghana’s only power distributor had any backups of its operational systems.

How to prevent cyber attacks

To combat cyberattacks, Ghana needs to implement cybersecurity at the micro and macro levels. Cybersecurity is the method of safeguarding networks, computer systems, and their components from unauthorized digital access. Cybersecurity is even more critical because of the networking of systems among inter-governmental agencies. Through the Ghana Card system, many state institutions are now being linked to facilitate work and improve efficiency.

With digitalization driving most of Ghana’s public and private sector operations, there should be a national campaign on cybersecurity. All Ghanaians, especially employees of sensitive private and state institutions and organisations, should be educated and sensitized about cybersecurity principles. All Ghanaians must know the various types of cyberattacks and ways to tackle them, and be proactive in detecting and reporting cyberattack threats.

A simple way of countering cyberattacks is to use the “Two-Factor or Multi-Factor Authentication” strategy. This approach requires users to provide two different authentication factors to verify themselves. When you are asked for more than two additional authentication methods apart from your username and password, it becomes a vital step to secure your account.

With the rise in the use of mobile money interoperability and other electronic systems in Ghana, mobile phones have become a vulnerable cyberattack target. Each day thousands of unsuspecting Ghanaians fall prey to mobile phone hackers, who track deposits and transactions on mobile phones. MTN money, which is the largest mobile money gateway, is prone to such attacks. I nearly fell prey to a mobile money hacker last week. Apparently, these criminals hang around mobile money service providers, and as one mentions a number, they write or record it. Minutes after you deposit money into your wallet, they call you to explain that rather than using the right application for the deposit, they used an application used to buy mobile credit. The victim is thus asked to resend the money, for the transaction to be redone. Once one goes into the wallet to resend the money, they quickly hijack the system and siphon all the money in the wallet. On this occasion last week, the trickster targeted the wrong person, as I taught him that he couldn’t be smarter than me on cybersecurity. Strangely, his name did not come with the number he used, an indication that some criminals have found an antidote to exposing their identity.

Cyber security month

Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals to protect themselves online, as threats to technology and confidential data have become lucrative business. The theme for this year’s Cybersecurity Awareness Month is “See Yourself in Cyber” and underscores the fact that cybersecurity is ultimately about people, which means seeing yourself in cyber no matter your role.

The objective of cybersecurity awareness is to educate people, especially employees in organisations that largely operate on IT, to be proactive in spotting potential threats. Perhaps Ghana’s Cyber Security Authority should use October to raise the stakes on cyberattacks, and on how to report and avoid them.

***

The writer is a Development and Communications Management Specialist, and a Social Justice Advocate. All views expressed in this article are his personal views and do not represent those of any organization(s).