PC & Tech Authority PC & Tech Authority Mobile
Friday July 21, 2017
Nigerian scammers launch phishing attacks against industrial companies
by Rene Millman | Jun 19, 2017 | Comment Now
Scams apparently originating from Nigeria are thriving on the web, according to data on 500 companies in 50 countries which was recently analysed by Kaspersky Lab.
Nigerian scammers launch phishing attacks against industrial companies

Nigerian hackers have stolen sensitive commercial data from industrial firms around the world, according to security researchers.

In a blog post, Kaspersky Lab said that there were over 500 attacked companies in more than 50 countries. Most of these companies are industrial enterprises and large transportation and logistics corporations. According to data released by the firm, countries particularly hit in the campaign were Germany, Russia, India and the UAE.

The cyber-criminals managed to steal technical drawings, floor plans and diagrams showing the structure of electrical and information networks.

Researchers said that all indications are that these were business email compromise (BEC) attacks that have come to be associated with Nigerian cyber-criminals. Emails received by victims looked authentic enough to fool people. Some had attachments with names such as “Energy & Industrial Solutions W.L.L_pdf”, “Woodeck Specifications best Prices Quote.uue” and “Saudi Aramco Quotation Request for October 2016”.

All the emails had malicious attachments: RTF files with an exploit for the CVE-2015-1641 vulnerability, archives of different formats containing malicious executable files, as well as documents with macros and OLE objects designed to download malicious executable files, researchers said.

The malware used in these attacks belonged to families that are popular among cyber-criminals, such as ZeuS, Pony/FareIT, LokiBot, Luminosity RAT, NetWire RAT, HawkEye, ISR Stealer and iSpy keylogger.

“The phishers selected a toolset that included the functionality they needed, choosing from malware available on cyber-criminal forums. At the same time, the malware was packed using VB and .NET packers – a distinct feature of this campaign. To evade detection by security tools, the malicious files were regularly repacked using new modifications of the same packers,” said the researchers.

At least eight different Trojan-Spy and Backdoor families were used in the attacks. Further research found that the domain names of some of the malware command-and-control servers used by the attackers mimicked domain names used by industrial companies – “more proof that the attacks were primarily targeting industrial companies,” said researchers.

They added that most domains used for malware C&C servers were registered to residents of Nigeria. 

Researchers warned that it would be very dangerous if, because of an infection, cyber-criminals were able to gain access to computers that are part of an industrial control system (ICS). “In such cases, they can gain remote access to the ICS and unauthorised control over industrial processes,” said researchers.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition
See more about:  nigerian scammers, phishing
Please note that some HTML content may have been removed from this article to improve the viewing experience on mobile devices.


comments powered by Disqus
BIT | CRN | iTnews | IoT Hub | PC PowerPlay