Bangaly Koita

Bangaly Koita is a Cyber Security Analyst and researcher working for Radarcs Cyber Security in Vienna-Austria. As a passionate in cyber security, he writes articles to share his knowledge and experience to the vast community of IT but in general Cyber Security.

Three attacks frameworks that Cyber Security members should know

Almost every day, you may hear from the news that a company was hacked and the data was leaked.

Most of the attacks happened in passive mode, which means that the companies are not aware of the attack. One of the most efficient ways to detect and respond to any Cyber Threats is to implement some detection and responsive measures.

The three frameworks that are going to be described below, will help you to detect and respond to any threat against your organization.

  1. Cyber Kill Chain

The following framework helps the organization to identify the steps used by the attackers to perform an attack.

The framework was developed by Lockheed Martin, the framework is part of the Intelligence Driven Defense model for identification and prevention of cyber intrusions activity.

Cyber Kill Chain® | Lockheed Martin

The framework is divided in 7 steps:

  • Reconnaissance: Finding any weakness that can be used to target the organization (Vulnerabilities, looking for details about the target over the network or gathering information about the target)
  • Weaponization: After gathering information about the target and finding a weakness, the threat actor tries to leverage it by create a malicious file or programs that will be sent to the target.
  • Delivery: Sending the malicious file or program to the target (phishing, drive by download)
  • Exploitation: At this stage the threat actor, exploits the vulnerability.
  • Installation: The threat actor tris to install a malicious software in order to gain high level privilege.
  • Command & Control: Establishing a communication with the target’s system
  • Actions on objectives: The threat actor meets his objective (data exfiltration) by exfiltrating
  1. MITRE ATT&CK

MITRE ATT&CK is the knowledge base that help different actors to find out the tactics and techniques used by the adversaries to compromise a system.  The framework can be used by anyone without any charge. The framework contains information about mitigation steps to detect any anomaly and protect the infrastructure and any system that might be infected (Enterprise, Mobile, ICT).

MITRE ATT&CK

MITRE ATT&CK is divided in 14 phases to find the tactics and techniques used by the threat actor.

  • Reconnaissance
  • Resource Development
  • Initial Access
  • Execution
  • Persistence
  • Privilege Escalation
  • Defense Evasion
  • Credential Access
  • Discovery
  • Lateral Movement
  • Collection
  • Command and Control
  • Exfiltration
  • Impact
  1. The Diamond Model of Intrusion Analysis

The model consists of 4 models that help you to identify how the intrusion can occur in the infrastructure.

The model helps to find the “who,” “what,” “when,” “where,” “why,” and “how.” Of the attacks in order to detect and mitigate the threat before.

The models:

  • Adversary: The attacker or threat actor behind the attack.
  • Capabilities: Are the set of skills and tools in the possession of the threat actor
  • Victim: The infrastructure, system, individuals targeted by the threat actor
  • Infrastructure: Are the software and hardware used by the threat actor to target the victim.
  • Social-political – The reason of the attack (financial, espionage, hacktivism)
  • Technology – How the threat actor can operate and what technologies the adversary used to operate and communicate.

 In conclusion, the three frameworks described here are very useful to detect and respond to different threat. Without referring to one of the frameworks, it will be very difficult almost not possible to mitigate the threat within your environment. Using them will be a step forward to being resilient against any attack.

Phishing message on Facebook mimicking Meta to target many businesses in Austria

On the 1 March 2023, i connected on my Facebook page and found a strange notification from the page "Socail Network Registry 1011999162" . I clicked on the notification and found out the message below.

https://www.facebook.com/Socail-Network-Registry-1011999162-117752521246073/

As a Cyber Security and OSINT lover, i was wondering why Meta will publish such message on a third party. 

I checked the page creation date and found out that the page is created on the 01.03.2012,the same date that the message was sent, which was alarming for me.

As you read above, the message is tricking users to click on a link to reactivate their account because the page was reported for identify theft.

The message contains an URL on which you should click to reactivate your account.

I took the user and verify from Browserling - Live interactive cross-browser testing

 

 

The image above, shows a fake Facebook page logo and registration to trick people to enter their credential. The intention is probably stealing the credential and ask money later to recover the account.

The actor behind the page sends the same notification to many third parties located in Austria including my page as well.

I checked the URL on Virus Total and got the following information:

https://www.virustotal.com/gui/url/1d43e62c0c1d4ed58919330306f534648b04650adc7f87047d204b55cbf0068e

The domain was submitted 2 hours ago. The final URL is available, so I checked the final URL and I got another useful information:

Whois Lookup Captcha (domaintools.com)

The domain was created on the 2023-03-01.

At this point, we can be pretty sure that the domain is a phishing domain to trick people to click on the link to enter their credential.

Be always careful before entering your credential and do not forget to use 2FA to secure your account

 

How to use URLSCAN part4

This is the part 4 and the last of (How to use URLSCAN part3 – osintafrica)

  • SEARCH

URLSCAN can help to perform different types of searches to find more information about an indicator such as IP address, domain, file, hash, ASN number and others.

Click on the “Search” button.

It is very important to first read the documentation. Click on the “Help” button to read about how to perform different searches.

Let’s give some examples of queries that we can perform in the Search menu.

  • Search for domain

If you want to find more information about a specific domain such as how the domain looked before and the connection between the domain with others domains or website, you can use the “domain:” query. We will give an example using microsoft.com.

Search - urlscan.io

 

 

In the image above, we can see the search result showing the domain Microsoft.com with different subdomains related to Microsoft.com and others domains or website where Microsoft.com was mentioned following with the time and the location it was scanned.

Click on each link where Microsoft.com is mentioned to see how the domain was at the time it was scanned; this technic can also help you as analyst to find out how the domain looked in the past. Many phishing websites changed the website interface after abusing many people over the internet so this technic can reveal such activity.

As you see, they are some domains or subdomains where Microsoft.com is not mentioned, we need to find out the relation between Microsoft.com and the domain.

Click on fraction.azurewebsites.net, go to HTTP transaction, search for Microsoft.com

AS you can see, Microsoft.com is used as redirect chain. This technic is often used by the threat actor to hide their activities and it can be also used to find the correlation between the domains.

 

  • Search for IPs

Search - urlscan.io

As you see in the image above, we entered the IP address 23.35.192.180 and we got the domains and subdomains behind the IP address. This technic can be used to find phishing related domain behind an IP address.

  • Search for Hashes

The hash can help you to make a correlation between the domains. Usually, the threats actor can use the same file but changed the domain, so this technic is good one to find such activity.

Example:

Click Microsoft.com, go to HTTP transaction, expand one http transaction request where the hash is available.

Hover the mouse on the hash and copy the hash, click on the Search menu and enter the query like you see in the picture below.

Now, we can see others websites that’s used the same hash.

  • Search for Filenames

The same thing as we described in the previous section, the same filename can be used by the threat actor but with different domains name, we can use the same technic like we did to find the domain or website that used the filename. Be aware that the same file name does not mean that the file if the same, you need to compare the hash and also the file content to ensure that the files are the same.

Example:

From HTTP transaction, copy the file you wish to check

Go to search, enter the query like you see in the picture below, all the result from the search will appear.

In order to verify if the file is unique, click on the URL, go to HTTP transaction compare the hash and the file content.

Like I said before, you can perform many types of searches using the search field. As a security guy you should know what you are looking for before making the search. The best way to learn is by practicing on the daily basis.

To conclude what we have explained, URLSCAN is very amazing tool that all security guys should use to make easier their job while analyzing different information like we showed in our examples.

The tool can help you save many times as it contains many types of queries that will help you to find more information during your analysis.

If you never used it, it is the time for you to start using and if you did not know the features we explained, then we suppose that you already know so enjoy.

How to use URLSCAN part3

This is the part 3 of (How to use URLSCAN part2 – osintafrica)

Now, lets go to the “HTTP” menu

  1. HTTP

In this menu, we can see all the HTTP transactions after the URL has been submitted.

The HTTP transactions consist of all the resources (HTLM, Script, AJAX, Images …) used by the website.

 

This section is very useful for the analyst.

Click on one of the options available

  • In our case, we click on the button “Image” to find the image described in the section Image and all the files used by the image.

Click on the “expand” sign to see more details about each file.

We can observe the following details:

Full URL shows the requested image from Host: www.reddit.com.

We can find others information such as the server’s name used, TLS protocol version used, the Hash of the image used, the software used and others …

Click on the Show headers to find the details about the request headers and the response headers from the server side.

Click on Check archive.org that will lead you the website https://web.archive.org (You can Google search to find more information about it)

Click on each option (HTLM, Script, AJAX, Images) available to learn more about.

2. Redirect

Here, you will find all the redirect links on the website.

3. Links

The page contains all the links available on the website.

You can click on each of them or scan each of them to more details about.

4. Behaviour

The menu contains the information about the Security Headers, the Cookies, the JavaScript global variables used

5. Indicators

This menu contains all the domains, IP addresses, hashes used by the websites.

6. Similar

You will find some information about the URLS, ASN numbers, IP address, domains scanned on the website.

7. DOM

This menu is very useful as it has the whole map of the website such as the scripts used by the website, the HTML code used by the website and others …

8. Content

the Form (Google search for Form object DOM) used in DOM is available.

9. API

The API used by URLSCAN to get the information from the servers

Part4 (How to use URLSCAN part4 – osintafrica)

 

How to use URLSCAN part2

This is the part 2 of How to use URLSCAN part1 – osintafrica

Now, let’s move further, we can see in blue color, 11 menus available.

Now we will describe the utility of each menu

  1. Summary

Click on the “Summary button” to find more details about the menu.

The menu contains all details about the submitted domain.

When you look at the image above, the following details are visible:

The number of domains and IPs that were contacted by the submitted domain.

The main IP address with location and the domain hosting provider are also available.

The certificate detail used by the website with his validity period.

The website was scanned 3 times

  • Show scan

This submenu will show you the number of times the domain has been already scanned. You can click on each scan to have more details such as how the domain looks at the time it was scanned, the IP address, ASN behind the domain at the time it was scanned.

  • Domain classification

The second part of the Summary menu is the classification of the domain provided by Google Safe Browsing.

The image above shows that Google Safe Browsing classified the domain as “No classification” which means that the domain is cleaned following the rating score available on Google Safe Browsing.

  • Domain and IP information

7 submenus are available at the section.

The menu IP/ASNs contains the information about all the IPs addresses contacted by the domain while being submitted with their ASN (Autonomous System Number).

You can click on each IP address and ASN to find more information.

The submenus “IP Detail” and “Domains” and “Domain Tree” contain some information about the IPs and the domains contacted by the submitted domain. You can click on each section to see the information available.

 

The submenu “LINK” contains all the link redirecting to others domains or URLS.

You can click on each link to get more details about.

The submenu “Certs” contains the list of all certificates used by the submitted domain with the validity period.

You can click on the crt.sh on the right side to get more details about the certificate

 

The submenu “Frames” will show you if the website is using any URL Frames.

  • Image

After describing different submenus from the Summary, from the right side, once the domain has been submitted, the main image from the website will appear in real time.  

We can see how the website behind the domain submitted looks like. This is very important during an investigation, for example when you are analysing a phishing issue, it is necessary to view the website without connecting directly to it.

You can click on “Live screenshots” and “Full Image” to have better visibility of the image.

  • Detected technologies

Here, we can find some technologies used by the domain. Notice that this is very important for you as analyzer. For example, When the website is compromised, the threat actor might embed a malicious code into the website, by checking this, you might find out the malicious code embedded within your website, checking this, can also help you to find some technologies that need to be updated or are not in used anymore.

  • Page Statistics

This section shows you the whole details about the submitted URL such as HTTP request, domains, subdomains, cookies, IP etc …

Part 3 (How to use URLSCAN part3 – osintafrica)

How to use URLSCAN

URLSCAN is used to perform different types of web scan and also to analyze different IOCs such as IP address, domains, Hashes, filenames and others.

URLSCAN is a tool used by different security teams such as Security Analyst, Cyber Threat Intelligence, Threat Hunting, Incident response team and others.

The tool is divided in 2 versions (community version and paid version).

We will talk about the community version that is available for free.

In order to connect to the Web application, you need to type the domain (urlscan.io), once you connect to the domain, you will get to the following screen.  

In our case, we need two menus (Home and Search)

  • HOME

Once we click on this menu, we can see the scanned queried by the users from different locations.

By default, the tool is showing the public scan mode, if you want to leave the default mode and scan anything, the scan will be visible by everyone.

So, we advise you to click on option and used the private mode if you do not want other people to see the query you entered, this option can also help to avoid alerting the threat actor about your findings.

URLSCAN can anonymize your identity.

Examples:

  • If you want to hide your location, you can click on “country selection” or auto (be aware that the Country selection for the private mode works only on the Commercial plans.)
  • You can change the “User Agent”. For example, if the website you want to scan is for the mobile phone – you can choose one of the Android User Agent.

You can also customize your own User Agent.

  • The “HTTP referer” can be used to custom the HTTP header before scanning.

 

Now, lets scan in a private mode a URL in hazard and analyze its behavior.

After submitting the URL, we can see the IP address 151.101.129.140 from the submitted URL following the submitted URL and the effective information.

From the right side, we can see 5 menus.

The menu “Lookup” will direct you to find different tools such as (Virus Total, crt.sh, Riskiq …). The tools can help you find more details about the submitted domain (click on each of them to learn more about). 

The option “Go To” will bring you to the domain submitted webpage (be careful before you click on it in case it is a malicious domain, you might be compromised).

The option “Rescan” is used to rescan the submitted URL.

The option “Add Verdict” and “Report” are used to add some comments about the submitted domain and contains some details about the scan report. 

The next part is described in the part 2 (How to use URLSCAN part2 – osintafrica)

L’importance de SDLC dans le développement d’une application

Savoir coder est diffèrent de savoir protéger un code. Les failles au niveau des applications de nous jours sont l’un des problèmes majeurs que les experts de la cyber sécurité font face, cela est dû au manque d’intégration de la sécurité dès le début du codage. La plupart des développeurs ne tiennent pas compte de la sécurité par manque de connaissance et de suivi. Pour remédier à cela, il faudra suivre des bonnes pratiques telles que : manque d’intégration de la sécurité au moment de la conception jusqu’ au niveau du développement, de la maintenance et la disposition d’une application, manque de certification et accréditation pour valider l’application, manque d’évaluation périodique, manque de protection du code source de l’application et d’autres.

Il faudra aussi savoir qu’il y aura toujours des failles au niveau d’une application quelles que soit les précautions prises. C’est pourquoi l’intégration de la sécurité est très primordiale.

Les failles sont recherchées et exploitées par les hackers pour avoir accès a l’application pour des raisons telles que : Voler des informations confidentielles, demander une rançon ou bien faire cracher l’application. 

Pour mieux vous informer sur les attaques perpétrées par les hackers, vous pouvez consulter le site web : OWASP Top 10:2021.

En effet, il y a des guides ou des bonnes pratiques et des méthodes que nous pouvons suivre pour rendre notre application plus sécurisée.

Guides ou bonnes pratiques :

Chaque logiciel développé doit avoir un minimum d’exigence pris en compte. Il faudra toujours suivre des guides ou bonnes pratiques pour se rassurer que le logiciel développé a respecté certains critères au moment du développement.

Exemples :

  • Validation des entrées
  • Mettre en place et moyen (Identification, Authentification, Comptabilité, Audit)
  • Gestion des erreurs
  • Revoir le code pour découvrir des failles
  • Validation et vérification de code

Software développement life cycle :

SDLC (Software development life cycle) est la méthodologie utilisée pour concevoir, développer, sécuriser, implémenter, tester, et maintenir une application.  

SDLC est primordial dans le développement d’une application. Il permet de suivre et d’ordonner le développement d’une application et d’intégrer la sécurité dans chaque phase.

Le SDLC permet aux équipes telles que : les programmeurs, les gestionnaires de projets, Analystes, et d’autres dans le développement de l’application) de mieux collaborer de la phase d’initiation a la disposition de l’application. Le SDLC est compose de différentes phases qui sont :

Phases de SDLC 

  • Initiation et planification
  • Définition des exigences fonctionnelles
  • Design
  • Développement
  • Implémentation
  • Certification et accréditation
  • Opération et maintenance
  • Disposition

Model de SDLC :

Comme déjà dit dans nos textes, SDLC est une méthodologie utilisée pour mieux concevoir une application. A ce fait SDLC est base sur des modèles, l’utilisation des d’un modèle est très important dans le développement d’un logiciel car cela nous permet de s’adapter aux exigences du client.

Dans le développement d’un logiciel chaque projet est spécifique il faudra se referrer ou se baser surr un model plus approprier pour atteindre l’objectif.

Exemple de SDLC modèles tels que :

  • Waterfall
  • Spiral
  • Rapide application développement
  • Cleanroom
  • Prototype
  • Agile

Importances de SDLC

  • Planifier et gérer une application
  • Mieux sécuriser une application
  • Tester et évaluer une application
  • Réduire les risques et vulnérabilités sur un logiciel

SSDF (Secure Software Development Framework)

Malheureusement la sécurité n’est pas adressée dans certains modèles de SDLC. A ce fait, SSDF doit être ajoute et intégrées à chaque implémentation SDLC.

SSDF est compose de pratiques de développement de logiciels pour mieux sécuriser une application. Il a été établi par les organisations telles que BSA, OWASP et SAFECode  Secure Software Development Framework | CSRC (nist.gov).

SSDF va permettre de réduire le nombre de vulnérabilités, l’impact d’exploitation et autres.

En conclusion, le SDLC est essentiel dans le développement d’un logiciel. Une application ou un logiciel développe sans suivre le SDLC est comme construire une maison sans plan. Faire une bonne conception, bien développer et intégrer la sécurité est primordial pour n’importe quel logiciel.

Goldman website scamming people in Guinea-Conakry and around the world.

On November 28, 2022, I was contacted by someone  (From Guinea - Conakry) who invested a lot of money in a financial investment website. During a couple of time, the money raised up to thousands of US dollars, the person decided to take the money into his account, unfortunately no success. The service provider said that they will take 30% of the money raised, the person accepted the condition, but the service provider said that the person needs first to send the 30% then he can get access to the rest of money. I was contacted by the person and explained to me the situation. As an OSINT lover, I decided to take my responsibility.

I asked the person to share the details so i can start the investigation.  

I got following details:

Website name: Goldmaneur{.}om

"The person also shared the name and pictures of some people from Telegram who talk to him about the website (For privacy reason, we won’t share these information)"

After collecting all the details, I started my investigation.

Investigation:

Goldmaneur{.}com

First of all, I started to check the domain via Google search

goldmaneur.com Reviews | check if site is scam or legit| Scamadviser

From scamadviser.com, I got the following information:

The score is quite low

People comments about the website.

The comments are quite interesting , almost the same details that i got from the person who contacted me.

(The website owners are taking money from people and forcing them to pay 30% in order to get back the money raised).

At this point, the investigation started to become more interesting, the comments from others third parties were very helpful.

 I found out another  comment on LinkedIn:  

I clicked on the link and found the message below:

Again, another person saying the same thing. From this point I was sure about 80% that the website is a fake investment.  

But i wanted to check deeper to find others connection with the website, i checked VirusTotal, Riskiq, Security trails, i did not find more information. I got an idea, Censys, i checked it and found some interesting details:

https://search.censys.io/certificates?q=goldmaneur.com

I found more domains using the same certificates.

I clicked on one domain and  I found the following domains related to it.

https://www.entrust.com/blog/2019/03/what-is-a-san-and-how-is-it-used/

I started to check the domains above if i can find more information, the following information were found:

Goldmanusd{.}com 

Comment from Twitter

Another indicator found.

I checked the domain  via Who si lookup and found the following details:

The domain is created 140 days ago, using Cloudflare to hide the real IP address and to target more people around the world. Which could be a sign of world wide scam. 

goldman-global{.}com

Riskiq RiskIQ | Digital Risk | Cyber Threat Intelligence | Incident Response | RiskIQ

Some subdomains related to the domain

I decided to checked URLSCAN to see how the website goldmaneur{.}com looks like and perform further investigation on the website:

goldmaneur.com - urlscan.io

 

One important think I found was that the website is using a fake logo of Goldman ( a leading global financial institution) to trick people to to trust the website.

Another important information I found on the website was the online logo

I clicked on it and found the chat online available but at the time of writing, the chat is not working. 

I went on Telegram to check if i can find some information about the owner, i found the following picture with no specific details such as number, email address, picture and others.

I found also the download version of the application

https://goldmaneur{.}com/download/

I checked if others domains are using the same websites from URLSCAN, I found the following details:

First I connect to goldmanneur[.]com , clicked on the Hash to find all the website that use the same image.

goldmaneur{.}com - urlscan.io

 

I found:

Search - urlscan.io

We can see Goldmanusd{.}com, which means that the website site used the same logo. Another evidence that they operate together.

NB: One important thing to mention here is that, the website does not have any specific information such as information about the project, the creation of the website, the owner, the contact and others. Which is very strange. A normal financial website should have more details and the contact should be available for people who wish to contact.

We stop here our investigation as with all the information collected, we can assume that the website is used by scammers and operate around the world.

Before using any similar website, check always the information about it as we did. Many scammers used the same technics to trick people. When you face with such issue, report to the police as fast as possible to stop the scam and help other people to not get scam.

LE BYOD et les organisations en Afrique

Le BYOD signifie Bring your own device, le BYOD est devenu très populaire dans les organisations à travers le monde mais aussi en Afrique.

 Le BYOD permet aux travailleurs de venir avec leurs propres équipements tels que: des ordinateurs, téléphones mobiles, tablettes pour se connecter à l’infrastructure de leur organisation et travailler avec. Cela apporte d’énormes avantages aux organisations mais s’il n’y a pas de suivi cela pourrait aussi avoir plus de conséquences que d’avantages.

Le BYOD est utilisé souvent dans les lieux suivants : Les écoles, les organisations publiques ou gouvernementales, entreprises.

Les Etats Africains par manque de moyen n’ont pas le choix d’adopter d’autres alternatives que le BYOD.

Imaginons que chaque Etat Africain décidait d’acheter des équipements pour les travailleurs cela couterait d’énorme fortune a chaque Etat, ce qui fait que le BYOD est l’option la plus souhaite.

Avec les informations recueillies avec certaines sources, la plupart des pays Africains aujourd’hui utilisent le BYOD dans les organisations gouvernementales et aussi dans les entreprises sans suivis.

Le manque de suivi est le problème majeur du BYOD et les problèmes sont parfois irréparables.

Le manque de suivi du BYOD entraine des fuites de données en sachant que les données de nos jours sont devenues comme une matière première, elles permettent aux organisations, entreprises et Etats de collecter et produire des informations politiques, militaires, économiques, éducatives, médicales et autres.

Il ne faut pas avoir peur, le BYOD n’est pas une fatalité si les conditions sont mises en place pour l’implémenter, le maintenir jusqu’au niveau de la disposition des équipements et le départ d’un travailleur.

Avantages d’utilisation du BYOD dans une organisation.

  • L’organisation arrive à économiser financièrement
  • Selon certaines sources le BYOD peut améliorer le travail des employés et aussi le moral des employés
  • Augmentation de la productivité des travailleurs.

Les conséquences d’utilisation du BYOD dans une organisation.

  • Violation de la politique de l’entreprise
  • Fuite des données
  • Manque de gestions des équipements
  • Augmentation des vulnérabilités et de menaces
  • Augmentation du shadow IT
  • Augmentation des cybers attaques

Nous pouvons encore citer plusieurs avantages et conséquences, mais limitons-la-nous le temps c’est de l’argent.

Apres avoir citer les conséquences, je vois que vous aviez décidé de tout changer dans votre organisation. Mais non, il y a toujours des solutions pour bien implémenter le BYOD.

Solutions d’utilisation du BYOD dans une organisation.

  • Mettre en place une politique de gestion du BYOD
  • Mettre en place un moyen de gestion d’équipements (asset management)
  • Mettre en place une équipe de gestions de risques

NB: Il y aussi d’autres alternatives telles que: CYOD ou le COPE.

CYOD (choose your own device)

A ce niveau, l’employer ou l’entreprise donne une liste d’équipements que les employés peuvent acheter. Cela permet à l’employer de mieux gérer les équipements dans l’entreprise.

COPE (CORPORATE OWN PERSONAL ENABLED)

A ce niveau, l’employer achète des équipements pour les travailleurs. Les travailleurs peuvent utiliser les équipements pour le travail mais aussi pour leurs fins personnelles.

NB: Il faudra faire signer à chaque employé un document en confirmant leur accord et mettre une politique de surveillance en place pour une bonne implémentation du BYOD, CYOD, COPE.

En conclusion, le BYOD est une bonne alternative en Afrique mais et à travers le monde. Une bonne implémentation du BYOD en mettant en place une bonne politique de gestion et de suivis peut aider une entreprise à mieux gérer les équipements. L’adaptation du BYOD sans se rendre compte des conséquences et des risques dans les organisations telles que (ministères, directions et autres) en Afriques sont les causes de la plupart des fuites de données. Il faudra alors prendre en compte des avantages et des conséquences pour mieux protéger les données.