MMM outbreak: Nigeria to experience more ponzi schemes in 2017

Deloitte has predicted that cyber ponzi schemes, such as the Mavrodi Mondial Movement (MMM), will continue to be on the rise and could culminate in advanced cyber attacks this year even as MMM had made its landmark in the country. NIYI OLAOYE reports

With fresh investigations that the money spinning Ponzi scheme, Mavrodi Mundial Movement also known as MMM might totally crash  between June-July 2017, indications have emerged that cyber ponzi schemes will continue to be on the rise and could culminate in advanced cyber attacks this year.

More so, some “experts” in Ponzi schemes have said the scheme might not last longer than July of 2017, following recent developments such as multiple registrations by participants by users within the scheme.

While some Nigerians continue to get addictive to ponzi schemes, especially the Mavrodi Mondial Movement (MMM), ( over 3 million Nigerians including the learned and illiterate are participants of the money spinning Ponzi scheme.) an audit firm, Deloitte Nigeria, has predicted that the money-doubling schemes are a bait to advance cyber attacks, suggesting this is likely to happen this year.

The money-doubling scheme promising 30 per cent return on investment for its participants was introduced into Nigeria in 2016 targeting Nigerian audience in the wake of an economic recession.

Industry analysts have said that a ponzi scheme is an illegal or fraudulent investment scheme where the person or organisation running it pays returns to existing investors from capital paid into it by new investors, rather than profit actually earned by the company itself.

In its ‘2017 Nigeria Cybersecurity Outlook’ the possibility of MMM resulting in a tremulous cyber attacks have been predicted.

This, if it happens, is expected to worsen the current economic losses of N127 billion annually to cyber crimes. “With the recession in 2016 came several schemes that promised unbelievable financial returns on investment.

These schemes generate returns for older investors by acquiring new investors or from re-investors. “Such schemes rely on a constant flow of new investments to continue.

When this flow runs out, the scheme falls apart. The end game is eventually that there will not be enough money to go round and the schemes unravel,” the report said.

It added that a key characteristic of these schemes is that they are not regulated, suggesting that if something goes wrong, no one is accountable.

In 2017, there would be a rise in these cyber ponzi schemes as the economic recession looms, it said. It says that as these schemes evolve and begin to use cryptocurrencies such as bitcoins that are not yet regulated or where identities are not traceable, the schemes will become more fraudulent and people would lose their money.

Partner, Risk Advisory at Deloitte Nigeria and Author of the report, Mr. Tope Aladenusi, noted that one major reason why these schemes thrive is that it works the first time, thereby encouraging the investor to try again. Another reason, he said, is because of personal relationship referrals – “it is working”. He said: “Some of these schemes are actually used as bait to advance other types of attacks.

The schemes leverage social engineering techniques to obtain confidential data such as bank details of the victims. Some of the schemes require victims to visit infected websites that can compromise the individual’s computer.

As a result, systems could be attacked with malware, which could affect the user or organization’s data. “Cyber ponzi schemes are addictive in nature as it feeds on greed and usually does not stop until the user gets seriously hurt. If you really wish to invest, consider doing so with licensed investment organisations.”

Looking back

In 2016, several organizations suffered cyberattacks, as some reportedly had to pay ransom for their data to be released. According to the Minister of Communications, Mr. Adebayo Shittu, the Federal Government estimated the annual cost of cybercrime in Nigeria to be about 0.08 per cent of the country’s Gross Domestic Products (GDP), which represents about N127 billion.

Also, as predicted in Deloitte’s annual cyber security forecast, 2016 saw a rise in the number of sophisticated phishing attacks; these occurred on multiple Nigerian financial institutions and utility companies.

However, the volume of electronic transactions being carried out in the country has increased significantly either on Automated Teller Machines (ATMs), Point of Sales (PoS), Internet banking among others.

For instance, Nigeria Inter-Bank Settlement Systems Plc (NIBSS), which is the inter-banking transaction platform in the country, reports that monthly transactions on PoS has grown to N81 billion monthly in 2016.

More transactions have been recorded on NIBSS Instant Payment (NIP), National Electronic Fund Transfer (NEFT), Automated Teller Machine (ATM), among others.

Meanwhile, the Deloitte 2017 Nigeria Cybersecurity Outlook also provides insights into other aspect of cyber security that would characterize 2017 and which organisations and individuals should be wary of.

According to Deloitte, ransomware has been around for a few years and has become one of the most feared and destructive online threats.

Ransomware could also be viewed as “cyber-kidnapping”. In this case, data is kidnapped and a ransom is expected to be paid for the affected data to be made available.

Several organisations in Nigeria suffered ransomware attacks in 2016 and this trend is expected to continue.

The report said the effect of the attacks included loss of critical information and operational downtime, which resulted in financial losses.

“Ransomware will get better at being more stealth, evasive and destructive. We are likely to see built-in advanced anti-virus evading features and ability to rapidly spread across networks before detection.”

Accordingly, Deloitte report predicted that network administrators will continue to face such ransom scenarios and it is more likely that organisations, especially fast growing SME’s, will be targeted. The good news is that prevention is possible if individuals and organisations follow some basic cyber security practices.

Increase in cloud-based attacks

Cloud computing has evolved from many different technologies and more organisations are migrating their infrastructure, platforms or software to the cloud.

This has led to prevalence in cloud email providers, data collocation centres and so on. According to Aladenusi, “just like every new technology breeds several security challenges, as these cloud services begin to converge and Cloud Service Providers (CSPs) start hosting the data for several organisations, attackers would shift their focus from individual organisations to the cloud service providers.”

He said this puts a huge burden on organisations, as there would be difficulty in monitoring an organisations perimeter as their security administrators may have limited control over issues from the cloud.

“In essence, as organisations move to the cloud, their investments in security including tools and processes that cover their on-premise devices, would need to be re-evaluated for the cloud, while considering the value that CSPs have to offer in terms of security and the additional controls that need to be in place,” adds the report.

Cyber intelligence as-a-Service

According to Aladenusi, disturbing trends such as commercialisation of malicious software (malware kits) is transforming the cyber security landscape, stressing that there has never been a time where launching a Distributed Denial of Service (DDoS) attack was as easy as it was in 2016.

“A DDoS attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.

The norm in security has been investing in the best available firewalls and antimalware technology, which remains a foundational element of any security architecture.

“With the overwhelming traffic generated by DDoS, such tools are no longer a viable option as they are more reactive in their approach as opposed to being proactive in dealing with such attacks.”

Increased use of analytics, others

He, however, explained that 2017 will see the increased use of analytics and threat intelligence techniques and solutions to proactively disrupt future cyberattacks.

For such solutions to be effective, a 24×7 intelligence information gathering and monitoring process will be required. An intelligence early warning system empowered by machine learning and other advanced use of analytics will be sought-after.

The parsing of various data feeds about cyber activity will be analysed and actionable intelligence information from several sources will form the basis against potential threats and impending attacks.

The adoption of the outsourced cyber intelligence service will grow in 2017 as organisations that lack the required skilled resources and seek to cut cost of setting up the infrastructure will choose to outsource such services.

Other cyber-related problems projected to characterise the economic space this year include the tendency for increase in Internet of Things (IoT) compromises, among others.

Way forward

This year, as organisations increasingly link their operational processes to their cyber infrastructure and adopt new technologies such as cloud computing, IoT, among others, effective cyber security management and awareness would be key to an organisation’s ability to protect its assets, reputation, intellectual property, staff and customers.

“One of the ways to mitigating cyber- attacks is for organisations or country to implement a proper cyber security framework to protect their national critical infrastructure,” said an IT security and connectivity consultant, Mr. Ahmed Adesanya.