Kampala, Uganda | THE INDEPENDENT | Cyber experts have explained the weak links often used by cyber criminals to access company systems.
At the beginning of the month, yet to be identified hackers broke into Uganda’s mobile money systems and made off with billions of shillings. The hackers compromised the system of a third-party integrating service provider, Pegasus Technologies which links the mobile money systems of telecoms with local and international banks and other financial providers.
Unconfirmed reports indicate that over 1.5 Billion Shillings might have been lost by Airtel while MTN being the mobile money giant is believed to have lost more than that amount.
Bruno Mwebaze an ethical hacker and tutor at the Institute of Forensic and ICT Security says that there are simple things organizations usually ignore yet they are being explored by hackers to comprise systems.
Mwebaze says avoiding cyber-attacks is not an individual role but a responsibility of every person within an organization. For instance, leaving an open e-mail account, the untimely response of unusual behavior detected in a system, sharing e-mail passwords, opening documents or e-mails in internet cafes could all be a starting point for hackers.
Allan Sserwanga, another tutor at the institute explains that hackers have increased their target on third parties. Third parties come in because companies systems are designed differently.
Peter Magemeso says software such as Kali Linux, parrot and Ubuntu all can be used for offensive and defensive purposes. For one to be secure, Magemeso says you must know how to use such software to create attacks and how to use them to defend your system from intruders.
Magemeso further explains that cyber intruders usually use two methods which include phishing and man-in-the-middle. Phishing is the fraudulent attempt to obtain sensitive information or data such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.
With phishing, one creates a connection with a machine or system. This happens when the system’s timeframe is about to expire or has expired.
Sserwanga, Magemeso and Mwebaze say ‘phishers’ keep monitoring whatever one does on a computer and keep taking screenshots of whatever is being done.
Mwebaze, Magemeso and Sserwanga are currently working with security agencies to set up robust cyber units. They have trained cyber investigators and have been hired to investigate unauthorized access to systems. Mwebaze says one incident that left him shocked was when late last year a ‘phisher’ sent a photo link of singer Rema Namakula’s honeymoon to a local bank branch’s manager.
Rema’s photo link caused the loss of millions of shillings since the manager was doing computations on her computer. The incident was also captured in last year’s crime report. To minimize cases of hacking systems, Sserwanga says companies should organise regular cyber training to their staff.
*****
URN