Geopolitical and Cybersecurity Risk Weekly Brief 14 September 2020

14 september 2020

Executive Summary

Equinix reported this week that it had been hit by ransomware. This was subsequently revealed as Netwalker – a ransomware that has targeted schools, hospitals and governments and has already earned more than USD25 million in ransom payments for its operators. In this case, the operators demanded USD4.5 million and released a screenshot of sensitive data with a timestamp of 7 September. While no major outages were reported by Equinix customers, the nature of the company’s business is such that disruptions would not be tolerated, and the swift resolution of a ransom-based attack is critical. This is not the last such provider that will be targeted by ransomware.

A report from Microsoft revealed that state-sponsored threat groups from Russia, China, and Iran "have stepped up their efforts targeting the 2020 election as had been anticipated.” This is in line with the US government’s own predictions and correlates with the broader political environment worldwide. Russia has been a hostile actor for many years, most notably with its targeting of the DNC in 2016 but also elections in the UK and elsewhere in the intervening years.

Conti and Maze ransomware were used to compromise more than thirty companies between them this week. All these attacks resulted in data breaches and the release of some of the victims’ sensitive data as proof of the incursion. Training is key to preventing these attacks – which are disruptive, costly, and can prove fatal for organisations that fall victim to them. The primary infection vector for ransomware is the compromise of RDP connections protected by weak password. Another delivery vector is malicious attachments to emails. All staff should be made aware of the correct procedure for dealing with emails containing attachments from senders unfamiliar to them and infrastructure should be secured with strong passwords. 

Patch Tuesday releases from many major vendors – Microsoft, Intel and Google, included – saw several critical vulnerabilities addressed in products that are rolled out across enterprises worldwide. These updates should be applied as soon as possible.

Tensions with China and foreign governments continue, with a report published by the European Chamber of Commerce in China saying that EU companies were increasingly concerned of ‘arbitrary punishment’ amid heightened political tensions. Washington rescinded the visas of over 1,000 Chinese researchers and students citing security risks. The Chinese and Indian foreign ministers agreed recent clashes along the countries’ disputed Himalayan border were in neither’s interest and that their respective military forces should disengage.

The role of tech companies has been increasingly debated, and the European Commission (EC) called on US-based technology firms, including Facebook, Google, and Twitter to take stronger action against disinformation online following a surge in fake news linked to the COVID-19 pandemic. French finance minister Bruno Le Maire also said the EU should advance with plans to impose a digital tax on technology companies in the first quarter of 2021 if efforts to find an international agreement fail.

Economic instability continues to be a key factor in many countries. At a summit of the Economic Community of West African States (ECOWAS), it was agreed that the launch of the new regional currency, Eco, should be delayed to an unspecified later date. COVID-19 and a failure to meet “convergence criteria” – such as price stability and fiscal responsibility, which are needed for the new currency to function – were cited.  The Sudanese government declared a state of economic emergency due to a sharp recent decline in the value of the Sudanese pound against the US dollar. In Lebanon, the pharmaceutical sector is collapsing due to an acute US dollar shortage, which has resulted in the reduction of imported medicines by 50 per cent.

Anti-government sentiment is growing in Thailand. Activists are planning a major rally in the capital, Bangkok, on 20 September in what would be the most direct challenge to the military-backed administration since the 2014 coup.  In Panama, students burned tyres and briefly blocked a highway in Panama City in protest at the government’s decision to reduce the University of Panama’s budget by USD14 million.

Bahrain and Israel reached an agreement to establish full diplomatic relations, a significant development that comes just under a month after Israel and the UAE said that they would normalise relations. The move signals a further shift in geopolitical regional alignments.

Attacks and cybersecurity news

A major global provider of data centres, Equinix, has reported that it was recently hit by ransomware with its internal systems bearing the brunt of the attack. According to a statement from the company, "our data centers and our service offerings, including managed services, remain fully operational." The ransomware used in this attack was Netwalker and a ransom of USD4.5 million demanded to prevent the release of stolen data (with a threat to double the amount to USD9 million if the ransom is not paid). The Netwalker operators included in their ransom note a link to a screenshot of data that had allegedly been stolen from Equinix: this included financial data. 74 Equinix remote desktop servers and login credentials have been found for sale on hacker marketplaces and in private sales. Exposed remote desktop servers a common entry point for threat actors, so this is of particular concern given Equinix's operations and global reach.

Argentina's official immigration agency, Dirección Nacional de Migraciones, was hit with Netwalker ransomware, impacting border crossing in and out of the country. The attack took place on 27 August. To prevent the ransomware from spreading unchecked through the network, these systems were taken offline resulting in the suspension of border crossings for four hours. The ransomware operators initially demanded a USD2 million ransom; this was increased to USD4 million after 7 days. Government sources claim that they will not negotiate with the threat actors.

The Development Bank of Seychelles (DBS) suffered a ransomware attack on 9 September, according to a statement issued by the Central Bank of Seychelles (CBS). The strain of ransomware used in the attack and the method of infection are currently unknown. CBS noted that it will provide further details when findings from the ongoing investigation are known.

Newcastle University has said that it will take "several weeks" to recover from a cyberattack that hit the institution's systems early last week. The DoppelPaymer ransomware operators are claiming responsibility for the attack. They have shared 750KB of data on their darknet data leaks blog as proof of the attack. One of the leaked files is a degree program handbook, and the other is a class and lecture plan. It is likely that the group will release more data if the ransom is not paid.

Following recent security advisories from the FBI, the US Cybersecurity and Infrastructure Security Agency (CISA) has now also warned of an increase in DDoS attacks targeting finance and business organisations worldwide (no specifics regarding countries or targets were provided).

DATA BREACHES, FRAUD AND VULNERABILITIES

DATA BREACHES 

The New South Wales government has published the results of an investigation into a phishing attack that occurred in May. The personal information of 186,000 people was stolen: 47 staff email accounts were compromised, exposing 3.8 million documents. The information stolen is likely to be sold on darknet forums for subsequent cybercriminal use, such as phishing, identity theft, and potentially for further account compromise.

ETERBASE, a cryptocurrency exchanged based in Slovakia, has disclosed a security breach which resulted in the theft of USD5.4 million of cryptocurrency. Six wallets were affected, with a variety of cryptocurrency, including Bitcoin, Ether, ALGO, Ripple, Tezos and TRON, stolen. ETERBASE has also contacted other cryptocurrency exchanges and asked them to freeze transactions involving the stolen funds.

Around 50,000 letters sent by banks and local authorities were exposed on Google in an unsecured database owned by Virtual Mail Room (VRM), a UK outsourcing firm. VRM has clients such as Metro Bank, 14 local UK councils, Pearson, and insolvency specialists Begbies Traynor. Thousands of names and addresses were exposed. The director of Virtual Mail Room has claimed that they were the victim of a “very serious” cyberattack but this appears rather to be a case of negligence, since the data was showing on Google.

FRAUD

Another phishing campaign has been impersonating Novo Banco to steal data. The target receives a text with a link which leads to a malicious domain. These domains impersonate Novo Banco and ask for the victim's accession and PIN numbers, as well as taxpayer and citizen numbers, dates of birth, and mobile phone numbers. One of the pages also asks for sensitive financial data, such as credit or debit card details. The bank has been plagued by fraudsters over the last fortnight with another phishing campaign using malicious emails to disseminate a compromised WordPress site URL that asks for users’ banking details.

vulnerabilities

Several major vendors released Patch Tuesday security updates. This included Adobe, Google, Intel, Microsoft, and enterprise software maker SAP. A number of the vulnerabilities addressed in these updates were rated critical. It is imperative that organisations install these updates as soon as possible.

A 0day vulnerability has been discovered that affects most versions of Windows 10. The bug allows the creation of files in restricted areas of the operating system and can facilitate further attacks after initial infection. The 0day, however, only works on devices with the Hyper-V feature enabled.

A CERT/CC vulnerability analyst confirmed the existence of the bug, claiming that exploiting it requires minimal effort from the attacker.

A second warning has been issued about the Ripple20 set of vulnerabilities and their impact on IT environments. 35 per cent of IT environments were found to still be vulnerable to this threat, patches for which were released in June. As predicted, the flaws were exploited quickly, illustrating yet again that swift patching is key to protecting business environments. All companies are advised to immediately patch the flaws if they have not already done so, to avoid potential compromise.

We recommend updating the products listed below to the most recent version as soon as possible in line with your company’s product update schedule:

  • Ten critical vulnerabilities have been discovered in MOFI4500 routers made by MoFi Network. Some of the vulnerabilities can allow an unauthenticated, remote attacker to take complete control of the targeted router. A number of these issues remain unpatched.
  • A cross-site scripting vulnerability has been found in the Google Maps export function. Google patched this flaw on 7 June, but within ten minutes a bypass had been discovered by the researcher that had found the first bug.
  • Six vulnerabilities in CodeMeter, a software licencing solution made by Wibu-Systems, which is often used in products related to industrial control systems (ICS). These vulnerabilities could be exploited to enable remote attacks against ICS environments. All versions of CodeMeter prior to 7.10 are affected by these vulnerabilities.
  • A high-severity vulnerability has been patched in the NextScripts WordPress plugin which affects over 100,000 users. Users are recommended to update their plugin to version 4.3.187 to avoid potential compromise.
  • Security researchers from Tenable have identified a high-severity vulnerability (CVE-2020-5780) in the Email Subscribers & Newsletters WordPress plugin that could facilitate phishing. The vulnerability is currently installed on 100,000 WordPress sites.

APT ACTIVITY AND MALWARE CAMPAIGNS 

APT ACTIVITY 

A new report from Microsoft has revealed that state-sponsored threat groups from Russia, China, and Iran "have stepped up their efforts targeting the 2020 election as had been anticipated, and is consistent with what the U.S. government and others have reported." Among the political campaigns, advocacy groups, parties and political consultants that were targeted in these ongoing attacks, Microsoft also mentioned unsuccessful attacks on individuals associated with the Trump and Biden campaigns.

Microsoft's report confirms intelligence shared by the US government in July and August 2020 on Russian, Iranian, and Chinese hackers trying to "compromise the private communications of U.S. political campaigns, candidates and other political targets." Last year, in July, Microsoft issued 781 alerts to organisations as part of its AccountGuard service after discovering attacks coordinated by state-backed threat actors. The attacks specifically targeted entities that are critical to the democratic process: political parties and campaigns, non-governmental organisations (NGOs), and democracy-focused think tanks from 26 countries across four continents.

MALWARE 

Emotet continues to pose a considerable threat to businesses around the world. The botnet malware is delivered in spam emails: Japan and New Zealand have borne the brunt of attacks this week, with the French national cybersecurity agency, ANSSI, warning of a surge in Emotet attacks targeting the private sector and public administration organisations across the country. The Mexican government was targeted, and it has now been suggested that Emotet may be responsible for the breach of Norwegian public sector employees’ email accounts.

A fully functional spyware is being distributed as 'TiktokPro' on third-party app stores. Researchers detected a wave of malicious SMS and WhatsApp messages urging users to download the “latest version” of the TikTok app. It should be noted that while it is possible to get a 'Pro' account for TikTok, there is no TikTok Pro app.

New research has identified a new wave of attacks involving the Zeppelin ransomware-as-a-service (RaaS). The delivery vector is a malicious Word Document containing malicious macros that run a script to download the Zeppelin executable. The Zeppelin operators appear to be upscaling its operation by offering more attractive terms to potential affiliates. Notably, this group does not yet have a data leaks blog for naming victims and leaking stolen data. However, given how ubiquitous this model has become among ransomware groups, it seems likely that Zeppelin will adopt it soon, particularly if many victims refuse to pay the ransom.

Researchers have reported a new malware, dubbed CDRThief, specifically targeting Linknat VOS2009/3000 softswitches, a Linux Voice over IP (VoIP) system. The aim of the malware campaign is to steal call data records from telephone exchange equipment. CDRThief may be used for cyber-espionage purposes: against whom, exactly, and for what purpose remains unclear.

DARKNET

The darknet market community continues to be rocked by Empire’s disappearance. Notably, Icarus, a relatively new market with a decent reputation, has been offline for several days now. Consequently, WhiteHouse has managed to establish itself as the new market leader. 

Two new markets were launched this week. The first, Invictus, is being run by the team behind the Imperiya service. Given Imperiya’s well-established reputation within the darknet community, this market has the potential for rapid expansion as it will have less to prove to gain the trust of users as compared to markets backed by unknown operators. The second new marketplace is called Lime Market. The admins of Lime Market are unknown figures within the darknet community and the market itself has already been criticised for re-using Eckmar’s script. Based on this, we do not anticipate this market becoming a major player in the darknet ecosystem in the short term at least.

The operators of the Zeoticus ransomware have announced they are transitioning to a ransomware-as-a-service (RaaS) model. Zeoticus first appeared at the start of this year but has since been relatively quiet in comparison to other ransomware groups. However, adopting the RaaS model can enable ransomware operators to up-scale their activity by growing their team via affiliates. Therefore, if the Zeoticus operators manage to successfully recruit multiple affiliates, activity associated with this ransomware variant will likely increase.

GEOPOLITICAL THREATS AND IMPACTS

AMERICAS 

USA & CHINA – Washington Rescinds Visas for 1,000 Chinese Researchers and Students

Washington on 10 September announced it had rescinded the visas of over 1,000 Chinese researchers and students over alleged security risks. The move comes after the US government in May accused China and some Chinese students of conducting an extensive campaign of intellectual property theft across the country. It also follows the 2 September imposition of restrictions on Chinese diplomats, including for visits to university campuses.

The announcement coincides with accusations by Chinese state media that Australian authorities conducted covert raids on the homes of four Chinese journalists in June. The accusations were followed by Australia’s national broadcaster ABC revealing on 9 September that Australian authorities had investigated two Chinese journalists and two Chinese academics – who had their visas rescinded – over accusations of infiltration. Though a US state department spokeswoman said that the Chinese researchers and students affected comprise a ‘small subset’ of Chinese students in the country, the move may prompt an increase in low-level harassment of Chinese students at US universities, as well as Chinese expatriate personnel across the US, in the short-term. Businesses with interests in US-China trade should factor growing bilateral tensions into their strategic planning.

PANAMA – Students Burn Tyres, Block Highway in Capital over University Budget Cuts

On 7 September, approximately 30 students burned tyres and briefly blocked the Transístmica highway in Panama City in protest at the government’s decision to reduce the University of Panama’s budget by USD14 million. Furthermore, the new financial settlement is USD91 million below the university’s requested budget for the upcoming year.

While the impact of the protest was relatively small, there is a moderate-to-high likelihood of further student protests linked to budget cuts. Companies with interests in Panama, particularly in the capital, should monitor updates on the dispute and any future protests, and instruct staff to exercise additional vigilance and avoid all demonstrations. Staff should re-route travel away from planned protests and follow the instructions of local authorities.

ASIA-PACIFIC

INDIA & CHINA – India, China Seek to Reduce Himalayan Frontier Tension

The foreign ministers of India and China on 11 September issued a joint statement agreeing recent clashes along their disputed Himalayan border were in neither country’s interest and that their respective military forces should disengage and create a buffer zone in order to reduce the potential for future clashes. The statement was issued in the aftermath of an incident earlier this week when troops from both sides fired warning shots after accusing each other’s personnel of crossing the so-called line of actual control (LAC) in the Ladakh region, marking the first time live ammunition has been discharged by Indian and Chinese troops in decades.

The joint statement is certain to reflect the intentions of both governments, which have far higher economic and domestic priorities than further exacerbating long-standing differences and friction in a remote region with little but symbolic utility. Nevertheless, both sides have taken casualties along the LAC in recent months, and elements in the two countries have used these incidents to stir nationalist sentiment. The risk remains that tactical decisions taken by relatively junior military commanders on the ground can quickly escalate into confrontation requiring a national response.

Companies should recognise the disputed Himalayan border region will continue to serve as a permanent point of friction between India and China, but that the latest increase in tension is now likely to ease at least until next spring.

THAILAND – Activists Plan to Hold Major Anti-Government Protest in Bangkok

Thai anti-government activists on 9 September said they plan to hold a major rally in the capital Bangkok on 20 September in what would be the most direct challenge to the military-backed administration since the 2014 coup. The organisers are seeking to hold the rally on the anniversary of the 2006 coup that toppled the government of Thaksin Shinawatra. They are hoping to attract up to 100,000 supporters and will raise the issue of reforming the country’s monarchy.

Reforming the country’s monarchy is the most sensitive political topic in Thailand that has led in the past to extreme violence against those advocating change. The government appears unsure how to deal with the growing support this movement has attracted or its more radical demands. Indications the country may be facing another political crisis are evident in many forms, ranging from boycotts of companies identified as supporting the status quo to rumours of another military coup. However, there is no doubt that a mass rally in Bangkok next week calling for reforms to the monarchy will be perceived as a ‘red line’ for elements in the military and nationalist groups, greatly increasing the potential for violence. Companies should assess their vulnerability to such an outcome, notably the impact on their staff, assets, operations and reputation.

CHINA – Counterfeit Luxury Goods Demonstrate Insider Threats, Increasing Sophistication

Shanghai police in August have arrested 62 criminal gang members for making and selling counterfeit Louis Vuitton (LV) bags, according to Chinese state media on 2 September. Authorities seized 2,000 fake bags, raw materials valued at over RMB110 million (USD16 million), and over 30 sets of counterfeiting tools. A sales representative at LV’s Guangzhou store is accused of supplying not-yet-released bags to counterfeiters. The counterfeits were atypical in that they came with NFC sensor chips that, when scanned, redirected customers to the official LV website.

The case illustrates the potential financial harm posed by insider threats, as well as the increasing sophistication of counterfeiters' operations. Advancements such as the NFC chips counter the devices’ use in acting as proof of authenticity, threatening to render the use of such chips useless in bolstering consumer confidence in the integrity of fashion products. The development further suggests that, despite crackdowns, intellectual property rights (IPR) violations remain a considerable hazard to businesses in China, including fashion brands. Illicit counterfeiting networks continue to adversely impact fashion retailers’ supply chains, despite counter-proliferation efforts. Fashion brands with interests in China should factor dual-pronged technological and insider threats into their anti-counterfeiting programs.

EUROPE

FRANCE – Government Calls on Joint EU Digital Tax if International Initiative Fails

On 11 September, finance minister Bruno Le Maire said the EU should advance with plans to impose a digital tax on technology companies in the first quarter of 2021 if efforts to find an international agreement fail. Around 140 countries are negotiating international tax rules to reflect the economic prominence of major technology firms. A deadline to reach an agreement by the end of the year appears presently unlikely, and Le Maire has accused the US government of undermining the international talks.

Multiple countries, including Austria, France and Spain have announced plans to implement a tax on digital companies. But EU governments stalled plans to introduce the tax after US pressure for an international agreement to reached. Lack of progress and mounting COVID-19-related economic difficulties, however, led EU officials to view a digital tax as a solution to help finance national recovery plans. Technology firms should factor the likely introduction of taxation by the first quarter of next year into strategic planning.

REGIONAL – European Commission Urges Tech Firms to Enhance Anti-Disinformation Efforts

The European Commission (EC) has called on US-based technology firms, including Facebook, Google, and Twitter to take bolder action in a bid to tackle disinformation online. This comes amid a surge in fake news linked to the COVID-19 pandemic. Several companies signed up to a self-regulatory code of practice to combat disinformation in 2018 but the results have been mixed. According to a report quoted by Reuters, there has been an ‘inconsistent application of the code across platforms and member states’, while its self-regulatory nature limits its scope.

Regulatory action is currently being considered by EU officials aimed at enhancing the responsibility firms have in tackling disinformation. The EC is currently working on proposing a Digital Services Act by the end 2020, which will translate into more obligations for social media organisations and increase liability for content found on their platforms. Malicious actors have sought to take advantage of the pandemic to undermine Western governments and alliances via the dissemination of conspiracy theories. For instance, from January to March, EU monitors detected over 80 cases of disinformation efforts linked to the global COVID-19 outbreak. Collective anxiety and increased scepticism towards experts have provided fertile ground for disinformation to resonate with a larger audience. As this trend continues over the next few months, technology companies will be faced with stronger political interventions calling on them to better monitor, shut down fake accounts, and regulate content found on platforms.

EU & CHINA – European Firms Concerned About ‘Arbitrary Punishment’, Growing Tensions

In a report published on 10 September, the European Chamber of Commerce in China, which represents over 1,700 members, said that EU companies were increasingly concerned of ‘arbitrary punishment’ amid heightened political tensions. Issues such as alleged human rights abuses against the Uighur Muslim community in Xinjiang and the national security law in Hong Kong have deteriorated bilateral relations. The report also cited over 80 per cent tariffs imposed on barley imports from Australia in May due to worsening bilateral relations as an example. In addition, firms have expressed concerns about travel restrictions on overseas workers and the exclusion of foreign companies from domestic sectors in China.

For European companies operating in China, the current context lends credence to the view that they may get caught in the crossfire of increased EU-China tensions. Political actions taken by governments where such companies are headquartered may translate into heightened political risks in China. Beyond more scrutiny on their operations and commercial interests from authorities, consumer-centric European brands may face public backlash in the form of boycotts. Bureaucratic hurdles in China, meanwhile, continue to obstruct foreign capital from improved market access, with a growing number of sectors restricting foreign investment. In other industries, domestic companies benefit from strong state financial support, which disadvantages foreign competitors. Companies with assets in mainland China should factor increased geopolitical tensions into strategic planning.

MENA AND CENTRAL ASIA 

BAHRAIN & ISRAEL – Normalised Ties, Further Shift in Geopolitical Realignments

On 11 September, US President Donald Trump announced that a deal had been agreed by Bahrain and Israel to establish full diplomatic relations. The announcement comes just under a month after Israel and the UAE said that they would normalise relations on the condition that Prime Minister Benjamin Netanyahu suspend plans to annex parts of the West Bank. Bahraini and Emirati representatives will sign respective accords with Netanyahu on 15 September.

The development is the latest sign of an ongoing geo-political realignment in the region; Bahrain is the fourth Arab country to normalise relations with Israel, after Egypt, Jordan, and the UAE. It raises the likelihood that further similar accords could be brokered in the short to medium-term outlook by neighbouring Arab states such as Oman and Sudan who will not want to miss the trading and economic benefits that would come with closer affiliations to Israel and by extension the US.

Bahrain’s decision is particularly notable given its close relations with Saudi Arabia. It is highly unlikely that Bahrain’s monarch Hamas bin Isa al-Khalifa would have progressed towards normalisation without the approval of Saudi Arabia's crown prince, Mohammed bin Salman bin Abdulaziz Al Saud. This suggests a tacit agreement from Saudi Arabia regarding the current developments with Israel, something that was further underlined on 2 September when Riyadh permitted Israeli commercial flights to fly over its territory. This increases the probability that the Saudis may move in the same direction as UAE and Bahrain in the medium to long-term. Given Saudi Arabia’s influence in the region, any future recognition of Israel from them would signify a seismic shift in regional affairs and likely pave the way for widespread normalisation with Israel across the Arab world. However, an agreement of this kind is unlikely in the short to medium-term; authorities recently said they would not establish diplomatic ties with Israel until Tel Aviv signs an internationally recognised peace accord with the Palestinians.

LEBANON – Pharmaceutical Sector at Risk of Collapse Amid Worsening Dollar Shortage

On 7 September, the head of the Lebanese Order of Pharmacists, Ghassan al-Amine, said that the pharmaceutical sector in Lebanon is in collapse. Al-Amine blamed an acute US dollar shortage, which has resulted in the reduction of imported medicines by 50 per cent. He indicated that due to the rapidly diminishing medicine import levels, the stock currently available would last for a maximum of six more weeks.

The dollar crisis, which has been ongoing since September 2019, resulted in central Lebanese banks implementing unofficial capital controls, which have become increasingly restrictive over the past six months. This makes it almost impossible for importers to pay for goods without resorting to a black-market dollar exchange rate, which can be seven times as high as the official rate of 1,515 pounds per dollar. This practice has caused the prices of imported goods to rapidly inflate, further compounding the financial crisis as the consumer economy stalls.

The possible collapse of the pharmaceutical sector is the latest indication of worsening financial conditions. In his statement, Al-Amine requested that custom authorities allow importers of essential medicines to use the official rate of 1,515 pounds to exchange for US currency. Given the COVID-19 crisis and the urgent need for imported medicines, there is a realistic probability that an exchange exemption for medicine importers could be proposed in Parliament in the coming weeks. However, consultations to establish a new cabinet under prime-minister designate Mustapha Adib are already stalling, raising the likelihood that a 2-week deadline to form a cabinet set out by French President Emmanuel Macron on 1 September will be missed and policy revisions such as an exchange exemption will be further delayed. Businesses with pharmaceutical interests in the region are advised to continue monitoring all official government updates.

SUB-SAHARAN AFRICA

WEST AFRICA – ECOWAS Postpones Launch of New Eco Currency ‘Indefinitely’

During a summit of the Economic Community of West African States (ECOWAS), held in the Nigerien capital Niamey on 7 September, heads of state agreed to delay the launch of the new regional currency, Eco, to a ‘later date’. They cited the COVID-19 pandemic and failure to meet so-called convergence criteria, such as price stability and fiscal responsibility, which are needed for the operationalisation of the new currency. These criteria have now been revised, and a new roadmap was agreed during the meeting.

The delay of the Eco launch confirms our forecast in May regarding a probable delay due to COVID-19. Beyond the pandemic, technical progress has been slow, with Togo reportedly being the only country in the ECOWAS bloc to meet the convergence criteria. While the duration of the delay is unclear, it will likely take several years before the new currency is launched; Ivorian President Alassane Ouattara suggested during the summit that it would take at least three to five years.

SUDAN – ‘State of Economic Emergency’ Underscores Dire Economic Outlook

Reuters news wire on 11 September reported that the government has declared a state of economic emergency due to a sharp decline in the value of the Sudanese pound against the US dollar over the past few weeks. The transitional government said it would criminalise the purchasing, selling, possessing or smuggling of raw gold – a key foreign exchange earner – and other precious minerals, and establish special courts over the coming week in a bid to fight speculation and smuggling activities, which were undermining the stability of the currency rate. In addition, security forces will increase inspections at border posts to prevent smuggling.

The announcement comes as inflation reached 143.7 per cent in July and the country grapples with extensive floods nationwide, which will increase the need for imports and risk of consumer price and currency fluctuations further. While the official exchange rate has been kept stable by the central bank over the past six months, exchanging USD1 to SDG55, the rate on the parallel market has continued to decline, going from SDG117 in March to SDG154 in mid-June. On Wednesday (9 September) that figure had dropped to SDG254. According to local news sources, DAL Food – one of the largest food companies in the country – said on the previous day that it would stop selling and distributing food until further notice. While the claim could not be independently verified, the statement highlights the country’s dire economic outlook. Nevertheless, it is likely that the combination of extensive floods and the currency depreciation will impact supply of imports. In addition, it is unclear what impact, if any, the new special courts will have on gold smuggling in the country. Reports by UK-based advocacy group Global Witness have repeatedly claimed that such activity takes place through major international gold traders and Sudanese authorities, including the central bank and armed militias which are today part of the security apparatus.

MOZAMBIQUE – Mounting Political Risks Against LNG Investments Likely to Delay Roll-Outs

An investigation published by Reuters news wire on 8 September estimates that US oil major ExxonMobil is facing a shortfall of USD48 billion through 2021, which will oblige the company to cut staff and projects. This comes amid depressed benchmark crude oil prices due to the COVID-19 pandemic, which have forced the company to nearly double its debt to USD23 billion to service costs.

In a related development, Dutch environmentalist campaigning organisation Friends of the Earth (FoE) is planning to launch a legal challenge against the UK government this week, according to a report in the Guardian on Tuesday. This is over plans by UK Export Finance – a government agency – to provide USD300 million in direct loans, and USD850m in loan guarantees for commercial banks investing in the development of major liquefied natural gas (LNG) projects in northern Mozambique’s Cabo Delgado province. The NGO, which is reportedly represented by UK law firm Leigh Day, claims the decision was made without carrying out environmental and social impact assessments, a legal requirement.

Both reports signal mounting political risks and attendant investment delays in gas-rich Cabo Delgado, which holds one of the world’s largest untapped natural gas reserves. ExxonMobil is part of the Mozambique Rovuma Venture consortium which includes Italy’s Eni and Chinese state-owned China National Petroleum Corporation (CNPC), among others, and is working to develop LNG facilities to extract natural gas from the offshore Area 4 in the Rovuma basin. The venture may amount to up to USD25 billion in investments. However, in April ExxonMobil postponed its final investment decision due to the impact of COVID-19 on investments, likely delaying the roll-out of the venture. The latest Reuters report suggests that further delays are likely, and operations will unlikely begin in 2023 as initially planned. The reported FoE challenge against the UK government confirms claims in July that UK investments in Mozambique are facing mounting legal risks. The project delays are likely to have knock-on effects on other companies’ supply chains and may also prompt selloffs to alternative investors in the one-year outlook. Investors and financial service providers with interests in Cabo Delgado’s LNG projects should continue to monitor announcements by involved stakeholders and assess the likely impact on their operations.