Cybercriminals are using any means necessary to gain access to sensitive data. [Photo/racolblegal.com]

Do you have a lead on a newsworthy story? Share news tips with us here at Hivisasa!

Cybercriminals are now easily gaining access to data belonging to the government, private entities or individuals through the use of third-party software vendors.An alert issued on Thursday by the Communications Authority of Kenya (CA) warns computer or mobile phone users that they risk falling prey to cyber criminals who have perfected the art of using third party software in the supply chain to make a killing.“Cybercriminals are using any means necessary to gain access to sensitive data. Since third-party software suppliers or vendors have fewer security controls, they have become easy prey for these attackers,” read the statement in part.“A supply chain attack also called the value-chain or third-party occurs when an attacker infiltrates a system and takes advantage of the inherent trust between users and their software providers. Supply chain attacks are now moving into the mainstream of cybercrime, with a number of successful attacks in 2016 and 2017.”According to the alert, the situation has been exacerbated by the increased offers of free anti-malware products.The free anti-malware is used as a bait to lure unsuspecting users, while the real intention is to have the anti-malware installed into a computer or mobile phone, then use it to capture personal and confidential data.“Such vendors later monetize the data collected or use it to their political or business advantage. This trend applies not only to anti-malware solutions but also any other third party software,” said the Authority.In most instances, vendors introduce complex disclosure statements that are in part designed to obscure intent as to what data is being collected and whether it can be sold or any other breach.The authority has advised the public to be wary or refrain from using free or low-cost cybersecurity software because they are potential threats. “Users should strive to determine their monetization methods and their policies,” read the statement.