Mozambique: Seven Congolese detained for illegal mining - AIM
Image: CERT Moçambique
A study on last week’s cyberattack on Mozambican public Internet portals recommends reinstalling the hosting infrastructure ‘from scratch’, as well as reinforcing it.
“It must be considered that all data on the server has been compromised,” and “it is advised to reinstall the machine [from] scratch, using the most recent and up-to-date operating systems and software versions”, a document by the Centre of Studies, Response and Treatment (CERT) of computer incidents in Mozambique reads.
CERT (Computer Emergency Response Team) in Mozambique, like similar groups in other countries, voluntarily brings together professionals from the sector. The study is signed by André Tenreiro, a computer security technician.
“Everything indicates that the attack was [directed] at a shared hosting infrastructure,” where different institutional ‘sites’ of the gov.mz domain were hosted, and that all were hacked in a so-called ‘mass web defacement’ incident, reads the analysis, based on publicly available data.
The webpages were replaced by one from a group calling itself the Yemeni Cyber Army (YCA), which announced the attack on the Telegram messaging platform on February 20th, at 10h11m p.m. (local time), the study details.
“There is no certainty that this group is the same group that claimed some attacks on the Saudi Ministry of Foreign Affairs in 2015 and released their data,” adds the study.
The analysis, conducted with tools available on the Internet, shows that this attack was the latest in a series targeting Mozambican websites “in recent months”, and furthermore that the structures hosting these websites have many vulnerabilities, some of them critical, which need to be corrected.
On the same Telegram channel, the group published the raw structure of databases allegedly copied from a Mozambican portal. Tenreiro notes that one of them indicates that it contains users’ emails and the passwords to access the attacked system – but the data lack validation.
In one of the posted messages, the ‘hackers’ published a Bitcoin (electronic currency) address demanding a ransom to restore the ‘sites’, but “it was not possible to detect any transaction” from it, notes the study.
“It should be noted that extortion requests through Bitcoin are becoming less common due to the lack of privacy behind the system. Instead, the cryptocurrency Monero has been more used by more sophisticated criminals,” it adds.
In conclusion, CERT “does not recommend extortion payments” because “there is no guarantee that attackers will keep their word”.
Among the other suggestions are creating two-factor authentication (that is, an additional code sent securely, in addition to the access password), renewing ‘passwords’ without repetition and with more difficult patterns, compartmentalising data, and sealing access to the company’s administrative applications with passwords on the machine itself.