Ransomware in Egypt, Kenya; Nigeria cashes out on new data protection law

CybAfriqué is a weekly newsletter covering news and analysis on cyber, data, and information security on the African continent.

Ransomware in Egypt and Kenya

Rhysida Ransomware Group has listed Kenya’s Bureau of Standards (KEBS) on its darkweb portal, and so has the LockBit Ransomware group listed Egyptian shipping and logistics corporation, Gulf Agency Company, as a victim of its ransomware. 

First, Rhysida and KEBS; it’s unclear what is at stake for KEBS, which is just a national consumer protection and product standardization authority. While it may looks good on Rhysida’s portfolio, it’s not exactly an haven for highly sensitive data or digital operations. 

This is in my opinion reflective of Rhysida’s inexperience in the security landscape. The group just made its debut in May, according to reports, and its methodology is considered sub-par to other ransomware and extortion groups. 

LockBit and GAC Egypt; LockBit is a more complex, high-profile group whose ransomware has undergone at least three major iterations. The Russian-speaking group maintains a slew of public programs and publicity stunts, and is popular for once offering $1,000 to people willing to tattoo their logo.  Since 2020, organizations in the U.S. alone have paid an estimated $90M to the group as proceeds from over 1,700 attacks. In January, the group’s attack on the U.K Royal Mail caused the mail corporation to shut operations for weeks. 

Earlier this year, cybersecurity authorities seven countries consisting of The U.S., U.K, France, Germany, Australia, Canada, and New Zealand issued an extensive report on the group. 

LockBit’s attack on an Egyptian corporation highlights a shift in attention to African business and organizations.  

Nigeria’s new data law gets it World bank funding

After years of paperworks, Nigeria has finally secured funding by the World Bank and its partners to implement a ID for Development scheme which is planned to improve inclusion, accessibility, and versatility of the country’s identification scheme. 

While this has been in the works since 2020, the World had been hesitant to approve funding due to irregularities with the country’s data protection regulations. In June, however, Nigeria’s new president signed a new extensive personal data protection bill into law, which among other things, provides a stronger framework for the protection of personal data, thus greenlighting the funding from the World bank. 

The goal is to extend the national digital ID scheme to more people and into rural areas, and also increase the use of this scheme across numerous identification and verification areas. The deadline for implementing this to at least 85% of the population is June 2024. 

Features 

• Nigeria is placing a limit on contactless payments to curb card fraud.  

• Using keyloggers and some good old phishing, here’s how some insiders stole over $640,000 from Kenya’s M-Pesa.

• A (percieved?) security breach has scuttled crowdfunding efforts for Zimbabwe’s ChatGPT alternative.

• Nigeria has suffered several data breaches recently, and its data protection commissioner wants to change that.

Headlines

• 38% of Kapersky’s Respondent in South Africa says they were unaware their personal data was in public. - IT News Africa

• Gabon’s National Data Center will be built by an indian firm. - WeAreTech Africa

• Nigeria is amending its cybercrime law to contain AI and other emerging tech. - NairaMetrics

• Nigeria wants to create a cybersecurity lab by 2024. - Gazette NGR.

• Tanzanian businessman sues Vodacom for $4M over data privacy violation. TechNext24

• Nigeria’s Data Protection Commission says CBN directive on bank customer’s social media handle is illegal. - NairaMetrics

• Gauteng “tech entrepreneur” locked up for international fraud scheme. - MyBroadband SA

• United Band for Africa exposed hackers who stole money from over 1000 accounts. - PM Nigeria

• Nigeria’s Data Regulator says it will sanction executives of MDAs for data breaches - NairaMetrics

• South Africa Information regulator fines justice department for R5 million. - Mail & Guardian SA

• Top suspect in OPERA1ER cybercrime operation arrested in Africa. - The Record

• Following chargeback fraud fiasco, Union54 is back with a superapp. - TechCabal

Across the world

• Online romance scams are netting millions of dollars, and pushing some to self-harm. - NBC News 

• How a cloud flaw gave chinese spies a key to Microsoft’s kingdom. - WIRED

Remember to share and subscribe. See you next week.