Nigerian yahoo-yahoo fraudsters made a whopping $3 billion defrauding innocent people all over the world. Nigerian hackers and cyber criminals are being accused of masterminding a grand theft of information and money running into billions of dollars, worldwide.
According to experts, the Nigerians are able to carry out the heist by sending phishing emails to commercial organizations and industrial enterprises, which they then bleed dry.
The FBI estimates that these phishing attacks have cost companies over $3 billion. The number of affected companies exceeds 22,143. Kaspersky Labs, an internet security company, said it has found over 500 companies that are under attack in at least 50 countries.
Those under attack are mostly industrial enterprises and large transportation and logistics corporations, based in Germany, UAE, Russia and India. In a blog post, Kaspersky said the cyber-criminals managed to steal technical drawings, floor plans and diagrams showing the structure of electrical and information networks. Researchers said that all indications are that these were business email compromise (BEC) attacks that have come to be associated with Nigerian cyber-criminals.
Emails received by victims looked authentic enough to fool people. Some had attachments with names such as
They may also contain archives of different formats containing malicious executable files or macros and OLE objects designed to download malicious executable files. Kaspersky discovered that the malicious files are intended to steal confidential data and install stealthy remote administration tools on infected systems. Using Whois services, Kaspersky found that the domains used to host the malware were registered to residents of Nigeria. Once in, the hackers compromise a legitimate email and change the banking account details.
The malware used in these attacks belonged to families that are popular among cyber-criminals, such as ZeuS, Pony/FareIT, LokiBot, Luminosity RAT, NetWire RAT, HawkEye, ISR Stealer and iSpy keylogger.
At least eight different Trojan-Spy and Backdoor families were used in the attacks. Further research found that the domain names of some of the malware command-and-control servers used by the attackers mimicked domain names used by industrial companies – “more proof that the attacks were primarily targeting industrial companies,” said researchers.
They added that most domains used for malware C&C servers were registered to residents of Nigeria.
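A defender can screen observed sender or C&C domains for imitations of the organisation's own domains, the mimicry researchers describe above. The following is an added example, not code from Kaspersky or the original article; the domain names, the substitution table and the distance threshold are constructed assumptions.

```python
# Added example: flag domains that imitate a protected company domain.
# Substitution table is an assumed, non-exhaustive list of look-alike characters.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

# Constructed sample domain (reserved .example TLD), not from the article.
PROTECTED = ["northwind-turbines.example"]


def normalize(label):
    """Lower-case a label, drop hyphens and fold look-alike characters."""
    label = label.lower().replace("-", "")
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label


def edit_distance(a, b):
    """Levenshtein distance computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain):
    """Second-level label, e.g. 'acme' from 'mail.acme.com' (ignores multi-part TLDs)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def lookalike_of(domain, protected=PROTECTED, max_dist=2):
    """Return the protected domain that `domain` imitates, or None."""
    d = domain.lower().rstrip(".")
    if any(d == p or d.endswith("." + p) for p in protected):
        return None  # the genuine domain or one of its subdomains
    label = registrable_label(d)
    for legit in protected:
        target = registrable_label(legit)
        # Short labels are skipped for the distance test to limit false positives.
        close = len(target) >= 6 and edit_distance(label, target) <= max_dist
        if normalize(label) == normalize(target) or close:
            return legit
    return None
```

Matches are candidates for review, not verdicts: a hit on a different TLD or a one-character variation still needs registration data and mail-flow context before blocking.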
Researchers warned that it would be very dangerous if, because of an infection, cyber-criminals were able to gain access to computers that are part of an industrial control system (ICS).
Owen Connolly, vice president services (EMEA) at IOActive, told SC Media UK that this attack is not actually targeting industrial control systems or operational technology. “It’s just targeting users that work for large companies. The fact that those companies may also have OT systems could just be coincidence, not correlation.”
Mark James, security specialist at ESET, told SC Media UK that scammers are opportunistic. They understand they need to adapt and will change their tactics to get the best result.
Javvad Malik, security advocate at AlienVault, told SC that organisations dealing with industrial control systems may not be as savvy to scams as financial services, so it could be that the success rate of targeted emails is higher.