The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has raised the alarm over the increasing incidents of Account Takeover (ATO) attacks, emphasizing the critical risks they pose to individuals and organizations. The advisory, issued on Tuesday, outlined measures to mitigate the impact of these attacks, which occur when cybercriminals gain unauthorized access to a user’s account credentials.
According to NCC-CSIRT, ATO attacks provide an entry point for further exploitation, including locking users out of their accounts, unauthorized financial transactions, phishing within organizations, theft of sensitive information, and injecting malware into networks. The report also warned of the growing sophistication of cybercriminals who employ techniques like phishing, brute-force attacks, and credential stuffing to compromise accounts.
Phishing involves sending deceptive emails to trick individuals into sharing sensitive information, while brute-force attacks use automated scripts to guess passwords. Credential stuffing occurs when hackers exploit previously leaked usernames and passwords to access multiple accounts, taking advantage of users who reuse passwords.
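The difference between the two automated techniques described above is visible in login logs: brute force concentrates failures on one account, while credential stuffing spreads them across many accounts with one or two attempts each. The following is an added example, not part of the NCC-CSIRT advisory; the event format, IP addresses, usernames and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, login_succeeded)
EVENTS = (
    [("198.51.100.7", "alice", False)] * 12                     # one account, many guesses
    + [("203.0.113.9", f"user{i}", False) for i in range(15)]   # many accounts, one try each
    + [("203.0.113.9", "user15", True)]                         # a reused password that worked
    + [("192.0.2.4", "bob", False), ("192.0.2.4", "bob", True)] # ordinary typo, then success
)

def classify_sources(events, min_failures=10, stuffing_ratio=0.8):
    """Label noisy source IPs by the shape of their failed logins.

    min_failures and stuffing_ratio are illustrative thresholds (assumptions),
    to be tuned against an organisation's own baseline.
    """
    failures = defaultdict(list)   # ip -> usernames of failed attempts
    successes = defaultdict(set)   # ip -> usernames that logged in
    for ip, user, ok in events:
        if ok:
            successes[ip].add(user)
        else:
            failures[ip].append(user)

    report = {}
    for ip, users in failures.items():
        if len(users) < min_failures:
            continue  # too few failures to distinguish from normal mistakes
        distinct = len(set(users))
        # Share of failures that hit a different account each time:
        # near 1.0 means leaked pairs replayed across accounts (stuffing),
        # near 0.0 means repeated guessing at one account (brute force).
        ratio = distinct / len(users)
        kind = "credential_stuffing" if ratio >= stuffing_ratio else "brute_force"
        report[ip] = {
            "kind": kind,
            "failures": len(users),
            "distinct_users": distinct,
            # Successful logins from a flagged source warrant a password
            # reset and session review for those accounts.
            "accounts_to_review": sorted(successes[ip]),
        }
    return report

if __name__ == "__main__":
    for ip, finding in classify_sources(EVENTS).items():
        print(ip, finding)
```

Accounts listed under `accounts_to_review` are the ones where a flagged source eventually logged in, which is where MFA and a forced password change matter most.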
To counter these threats, NCC-CSIRT recommended key preventive measures, including creating complex and unique passwords for each account, using password managers, enabling multi-factor authentication (MFA), and updating passwords periodically. They also urged the installation of effective anti-malware solutions on all devices and emphasized the importance of staying informed about evolving phishing techniques to identify and avoid malicious attempts.
NCC-CSIRT rated the probability of ATO attacks as high, warning that their impact can result in significant financial losses, data breaches, and system compromises. The team stressed the importance of vigilance and adopting robust cybersecurity practices to safeguard personal and organizational accounts.
This advisory follows an increase in reported ATO incidents received by the Nigeria Computer Emergency Response Team (ngCERT), highlighting the urgent need for proactive measures to protect users and infrastructure.