Malabo Convention reaches 15th ratification; Nigerian Senate Twitter account compromised
and other infosec updates from Africa
CybAfriqué is a weekly newsletter that provides news and analysis on cyber, data, and information security in Africa.
Malabo Convention reaches 15th ratification
Good news! The African Union's Malabo Convention on cybersecurity and protection of personal data will enter full force on June 8. This milestone comes a month after Mauritania ratified the convention on May 9, making it the 15th African country to do so since its promulgation by the African Union in 2014. The convention has reached the required quorum for implementation.
The Malabo Convention establishes a comprehensive framework for cybersecurity, electronic communication, and data protection. Although it is expected that every member of the African Union adopts the convention into their local policies, only 15 out of 55 African countries have fully ratified it in the nine years since its inception. Additionally, eight countries have signed but not ratified the convention.
The 15 countries that have ratified the convention are Togo, Zambia, Senegal, Rwanda, Namibia, Niger, Mauritius, Mozambique, Guinea, Ghana, Democratic Republic of Congo, Cape Verde, and Angola. The countries that have signed but not ratified it are Benin, Chad, Comoros, Guinea-Bissau, Mauritania, Sierra Leone, Sao-Tome-et-Principe, and Tunisia. It's important to note that the fact that other African countries have not ratified or adopted the Malabo Convention does not necessarily mean they lack security and privacy protocols. Some countries, like Egypt, have specific policies tailored to their own circumstances. These may include controversial issues such as surveillance, censorship, and government control over data, which the Malabo Convention may not address appropriately.
Nigerian Senate Twitter account used in crypto-phishing scam
On the 20th of this month, the Twitter account of the Nigerian Senate briefly tweeted about a supposed airdrop of the Psyop token. However, the link provided for participation in the airdrop was malicious, leading users to unknowingly release important financial information and/or approve false crypto transactions.
The tweet by the Nigerian Senate's Twitter handle gained significant traction, with at least 32.8K retweets and 81.1K views before it was taken down.
This incident appears to be part of a larger series of tweets from compromised accounts that scammers used to promote the phishing scam. The fake airdrop link was also shared by other allegedly compromised accounts, including that of Steve Aoki, an American DJ.
The losses resulting from this scam have already surpassed $170k, but the original Psyop team has promised to provide refunds. It is worth noting that Psyop itself is considered a dubious project and has been accused of being a scam. The phishing scam is just one aspect of a broader scandal.
Big Picture Stuff
According to a recent study by Surfshark, Nigeria ranks as the 32nd most breached country in the first quarter of 2023. The report reveals that Nigeria experienced a 64% increase in leaked accounts, with a total of 82,000 accounts breached from January to March 2023. This alarming surge in data breaches in Nigeria is discussed in an article by Ganiu Oloruntade of TechCabal.
The African Digital Transformation Strategy emphasizes the need for enhanced capacity to detect and mitigate cyber attacks in Africa. The strategy recognizes collaborative ICT regulatory measures and tools as the new frontier for regulators and policymakers in maximizing the opportunities presented by digital transformation across industries. For a comprehensive exploration of cyber governance in Africa, refer to the research paper by Nnena Ifeanyi-Ajufo.
Chinese hackers conducted a three-year campaign targeting eight of Kenya's ministries and government departments, including the president's office and Kenya's main spy agency, according to a recent report by Reuters.
Earlier this month, moderators from OpenAI, Meta, and ByteDance across Africa formed a single union. Al-Jazeera produced a podcast discussing how these moderators could reshape the internet.
Headlines
The NITDA bill is being passed by the Nigerian Senate despite opposition from stakeholders - Nairametrics
Nigerians can now use their ATM cards as identification cards - Techpoint Africa
Fraud through mobile communication in Tanzania has decreased by 17%, according to the country's communications authority - DailyNews Tanzania
Kenya is entering into an agreement with Singapore to enhance cybersecurity and digital development - Africa Cybersecurity Magazine
The government of Benin is denouncing cybercrime and vowing to crack down on cybercriminals - Africa Cybersecurity Magazine
Quote of the Week
"Your account number being the same as your phone number is not the hard flex we think it is. It's a huge security risk, exposing you to various (security) issues. And none of the fintech companies that offer this option provide additional security measures to mitigate it."
- Literally me, on Twitter, on the rise of fintechs that allow customers to use their phone numbers as their bank account numbers.
Across the World
A threat actor group established their business based on pre-infected devices - Trend Micro
Pegasus spyware has been discovered for the first time in the context of war - GovInfoSecurity
Post Notes
This edition is relatively short as it has been a quieter week in African information security. Nonetheless, please remember to share, and we'll see you next Saturday!