Cyber crime in Nigeria ‘increasing at alarming rate’

In a research report, the tech security company says that cyber criminals operating in Nigeria have evolved from silly spray-and-pray email spam campaigns into more refined con games that target large business organisations with malware and fetch princely sums totaling millions of dollars.
According to the report compiled by the company’s Unit 42 threat research team, the researchers analysed over 8,400 malware samples originating from Nigerian scam emails from July 2014 to June 2016, pinpointing roughly 100 individual actors or groups behind these campaigns.
The frequency of malware attacks jumped wildly in this time, from fewer than 100 attacks in July 2014 to a range of 5,000 to 8,000 per month – peaking in May 2016 with nearly 19,000 incidents, the report says.
“Nigerian actors have demonstrated a clear growth in size, scope, complexity and capability over the past two years and as a direct result, they should now be regarded as a formidable threat to businesses worldwide,” according to the tech security company.
Palo Alto says that Nigerian scammers still seem to be the “Rodney Dangerfield” of the cybercriminal world, in part because Nigerians have the reputation of using cheap commodity malware tools that are readily available in the underground market.

However, this does not reflect a lack of Internet-savvy. Rather, “they have learned how to successfully apply simple malware tools with precision in order to create substantial losses ranging from tens of thousands up to millions of dollars for victim organizations, and they have broadened their scope well beyond targeting unsuspecting individuals,” the report reads.
Palo Alto identified five of the scammers’ most popular malware tools as Predator Pain, ISR Stealer, Keybase, ISpySoftware and Pony, each of which enables attackers to remotely access or steal credentials from infected machines.
According to the company, relying on inexpensive commodity tools actually affords the scammers a key advantage: they can instead allocate the bulk of their budget toward the latest, state-of-the-art cryptors that obfuscate the malware in order to evade antivirus solutions.
It also notes that just because commodity malware is inexpensive doesn’t mean it’s not effective at what it does. In fact, “if you were to compare that tool to something built by a very sophisticated – nation-state, that tool is probably more sophisticated,” particularly from a development perspective, Ryan Olson, intelligence director at Palo Alto Networks, says.
The report further says the Nigerian scammers have also shifted from “carpet bombing” random individuals with spam to coordinating “surgical spear-phishing strikes” against specific business targets.
Instead of relying on bizarre tales of political intrigue and lost fortunes to tempt recipients with improbable get-rich-quick schemes, these scammers now carefully craft emails that offer credible value propositions to their targets. Many of these emails rely on Business Email Compromise and Business Email Spoofing techniques to make the emails appear as if they are originating from a trusted and plausible source, according to Palo Alto.

Connected: A mobile phone user browsing the Internet

In the samples Palo Alto studied, malware attacks most frequently targeted the high-tech, higher education and manufacturing industries. In addition to using email, it says the Nigerian scammers also propagate their malware through fraudulent websites that sometimes impersonate the sites of legitimate companies and organizations.
The tech security company also took a closer look at the individuals and entities behind these campaigns, leveraging threat intelligence and advanced analytics to link threat actors’ domain registration details with their Facebook and Google+ social media profiles. In doing so, the researchers found that many of the perpetrators live comfortably, are well educated (often owning technical degrees) and primarily range in age from late teens to mid-40s.
By mapping out this Nigerian social network, Unit 42 was able to link Nigerian actors to additional malware tools, including the NanoCore remote access trojan, HawkEye keylogger, Aegis crypter and Orway crypter. Moreover, researchers were able to identify a select few individuals who “appear to serve as the connective tissue between various subsets of Nigerian actors and the tools they use.” These key links could potentially be suppliers of malware tools or perhaps even cybercriminal bosses.
