by: Ajay Vaishnav, India
Internet security firm Palo Alto Networks’ latest report reveals how Nigeria-based scammers have moved on from traditional “419” phishing attacks, in which these cyber-criminals simply collected credit card details or personal information from individuals, to stealing business-critical data from enterprises. The 419 Evolution report, published by the firm’s threat intelligence team, details how Nigeria-based cyber criminals have evolved from common malware campaigns to advanced tools used by sophisticated criminal and espionage groups.
The researchers at the Internet security firm have been tracking a particular criminal operation, referred to as Silver Spaniel, for months. The attack commences with a malicious email attachment. Once it is clicked, victims inadvertently download malicious tools onto their devices. NetWire, a remote administration tool, is capable of taking over a Windows, Mac OS or Linux system. DataScrambler, on the other hand, makes sure the NetWire program is undetectable by anti-virus products. According to Palo Alto Networks, the attackers bought or leased these tools from other hackers on underground hacking forums.
In the past, the main targets of Nigerian scammers have been wealthy, unsuspecting individuals. But the latest trend suggests enterprise security is at risk. Businesses can adopt ways to mitigate threats emanating from Silver Spaniel-style attacks. All suspicious-looking email and content must be blocked and inspected. As traditional anti-virus programs and firewalls are ineffective because Silver Spaniel attacks are specifically designed to evade those technologies, it is advised not to open files sent from addresses one does not recognize. Even with trusted contacts, one should exercise caution when opening unsolicited files. In addition, Pinkerton recommends following basic precautions against phishing attempts, such as protecting identity and financial details; not trusting unreliable content, emails or downloads; and automatically updating software, anti-virus and firewall.
Palo Alto Networks revealed that cyber criminals in Nigeria have evolved common malware campaigns to infiltrate businesses that were not previously their primary targets.
419 Evolution, a new report released by Unit 42, the Palo Alto Networks threat intelligence team, explains how Nigeria-based scammers are now using tools that are often deployed by more sophisticated criminal and espionage groups to steal business-critical data from enterprises.
These criminals are infamous for running easily spotted “419” phishing scams that attempt to collect credit card details or personal information from individuals, but over the past few years they have expanded their skills, targeting businesses and using more advanced techniques.
Researchers discovered these activities and techniques, code-named Silver Spaniel, using WildFire, which rapidly analyzes cyber threats in a cloud-based, virtual environment.
Among other techniques, the criminals use Remote Administration Tools (RATs) available through underground forums, including commercial RATs such as NetWire, which provide complete control over infected systems.
In the past, attacks similar to Silver Spaniel may have come from Eastern Europe or a hostile espionage group.
Also, traditional antivirus programs and legacy firewalls are ineffective, because Silver Spaniel attacks are designed specifically to evade those technologies.
“These Silver Spaniel malware activities originate in Nigeria and employ tactics, techniques and procedures similar to one another. The actors don’t show a high level of technical acumen, but represent a growing threat to businesses that have not previously been their primary targets,” said Ryan Olson, Unit 42 Intelligence Director.