According to experts, Nigerian hackers and cyber criminals are responsible for masterminding a grand theft of information and money running into billions of dollars worldwide. It is believed that they carry out the heist by sending phishing emails to commercial organisations and industrial enterprises, which they then steal from.
Researchers said that all indications are that these were business email compromise (BEC) attacks that have come to be associated with Nigerian cyber-criminals. In addition, the FBI estimates that these phishing attacks have cost companies over $3 billion as the number of affected companies exceeds 22,143, the Sun reports.
Kaspersky, an internet security company, said it has found over 500 companies that are under attack in at least 50 countries. Those under attack are mostly industrial enterprises and large transportation and logistics corporations, based in Germany, UAE, Russia and India. Kaspersky said the cyber-criminals managed to steal technical drawings, floor plans and diagrams showing the structure of electrical and information networks.
The emails received by victims are well crafted: they look legitimate and are designed to make the victim open the malicious attachment. The emails ask the recipients to check information as soon as possible, clarify product pricing or receive goods specified in the delivery note attached. The malicious attachments contain RTF files with an exploit for the CVE-2015-1641 vulnerability.
Kaspersky discovered that the malicious files are intended to steal confidential data and install stealthy remote administration tools on infected systems. Using Whois services, Kaspersky found that the domains used to host the malware were registered to residents of Nigeria. Once in, the hackers compromise a legitimate email and change the banking account details.
The malware used in these attacks belonged to families that are popular among cyber-criminals, such as ZeuS, Pony/FareIT, LokiBot, Luminosity RAT, NetWire RAT, HawkEye, ISR Stealer and iSpy keylogger. At least eight different Trojan-Spy and Backdoor families were used in the attacks.
Further research also found that the domain names of some of the malware command-and-control servers used by the attackers mimicked domain names used by industrial companies – “more proof that the attacks were primarily targeting industrial companies,” said researchers.
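Because the command-and-control domains mimicked the domain names of industrial companies, one defensive check is to compare domains seen in mail and DNS logs against an organisation's own and its partners' domains. The sketch below is an added example, not taken from the article or from Kaspersky's research; the function names, the confusable-character table, the distance threshold and every domain in it are assumptions constructed for illustration.

```python
# Added example; every domain name below is constructed sample data.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Lower-case, drop the trailing dot, fold look-alike characters."""
    d = domain.strip().rstrip(".").lower()
    return d.replace("rn", "m").replace("vv", "w").translate(CONFUSABLE)

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def find_lookalikes(observed, protected, max_distance=2):
    """Return (observed, imitated, reason) for names near, but not in, protected."""
    known = sorted({p.strip().rstrip(".").lower() for p in protected})
    hits = []
    for name in observed:
        plain = name.strip().rstrip(".").lower()
        if any(plain == p or plain.endswith("." + p) for p in known):
            continue  # the real domain or one of its subdomains
        for target in known:
            if skeleton(plain) == skeleton(target):
                hits.append((plain, target, "confusable characters"))
                break
            dist = edit_distance(plain, target)
            if dist <= max_distance:
                hits.append((plain, target, f"edit distance {dist}"))
                break
    return hits

PROTECTED = ["examplesteel.example", "acme-logistics.example"]
OBSERVED = [
    "examplesteel.example", "mail.examplesteel.example",
    "examp1esteel.example", "examplestel.example",
    "acme-logistcis.example", "acrne-logistics.example", "weather.example",
]

if __name__ == "__main__":
    for hit in find_lookalikes(OBSERVED, PROTECTED):
        print(*hit, sep="\t")
```

A hit is a lead for review rather than proof of abuse, since unrelated organisations can legitimately own similar names.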