Nigerian Hackers Steal $3bn Worldwide, Says FBI Report

A new report by the US Federal Bureau of Investigation (FBI) has accused Nigerian hackers and cyber criminals of masterminding a grand theft of information and money running into billions of dollars, worldwide. According to experts, the Nigerians are able to carry out the heist by sending phishing emails to commercial organizations and industrial enterprises, which they later steal dry.

The FBI estimates that these phishing attacks have cost companies over $3 billion. The number of affected companies exceeds 22,143. Kaspersky Labs, an internet security company, said it has found over 500 companies that are under attack in at least 50 countries.

Those under attack are mostly industrial enterprises and large transportation and logistics corporations, based in Germany, UAE, Russia and India. In a blog post, Kaspersky said the cyber-criminals managed to steal technical drawings, floor plans and diagrams showing the structure of electrical and information networks.

Researchers said there are all indications that these were business email compromise (BEC) attacks that have come to be associated with Nigerian cyber-criminals. Emails received by victims looked authentic enough to fool people. Some had attachments with names such as “Energy & Industrial Solutions W.L.L_pdf”, “Woodeck Specifications best Prices Quote.uue” and “Saudi Aramco Quotation Request for October 2016”.

These are well-crafted emails that look legitimate and are designed to make the victim open the malicious attachment. The emails ask the recipients to check information as soon as possible, clarify product pricing or receive goods specified in the delivery note attached. The malicious attachments contain RTF files with an exploit for the CVE-2015-1641 vulnerability. They may also contain archives of different formats containing malicious executable files or macros and OLE objects designed to download malicious executable files. Kaspersky discovered that the malicious files are intended to steal confidential data and install stealthy remote administration tools on infected systems. Using Whois services, Kaspersky found that the domains used to host the malware were registered to residents of Nigeria. Once in, the hackers compromise a legitimate email and change the banking account details.
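For defenders, the attachment traits described above (RTF content under a misleading name, embedded OLE objects, archives carrying executables) can be checked statically at the mail gateway. The following is an added example, not code from the article or from Kaspersky; the function name, finding labels and sample bytes are constructed for illustration, and only ZIP is handled among the "archives of different formats".

```python
import io
import re
import zipfile

EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".js", ".vbs")
# RTF control words that introduce an embedded OLE object
RTF_OLE = re.compile(rb"\\(?:object|objdata|objemb|objocx)\b")


def triage_attachment(filename: str, data: bytes) -> list:
    """Return static findings for one mail attachment (hypothetical labels)."""
    findings = []
    name = filename.lower()
    head = data.lstrip()[:8]

    # Word accepts a truncated "{\rt" header, so match on that prefix.
    if head.startswith(b"{\\rt"):
        if not name.endswith(".rtf"):
            findings.append("rtf-content-under-other-name")
        if RTF_OLE.search(data):
            findings.append("rtf-embedded-ole-object")

    # Name advertises a PDF (e.g. "..._pdf") but the bytes are not a PDF.
    if "pdf" in name and not head.startswith(b"%PDF"):
        findings.append("name-claims-pdf-content-differs")

    if head.startswith(b"MZ"):
        findings.append("pe-executable")

    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if member.lower().endswith(EXEC_EXT):
                    findings.append("archive-executable:" + member)
    return findings


def sample_zip() -> bytes:
    """Constructed archive holding a double-extension executable stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Quotation Request.pdf.exe", b"MZ\x90\x00")
    return buf.getvalue()


# Constructed samples: inert bytes that only carry the structural markers.
SAMPLE_RTF = b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata 0105000002000000}}}"
SAMPLE_PDF = b"%PDF-1.4\n% constructed benign sample\n"

if __name__ == "__main__":
    for fname, blob in [("Energy & Industrial Solutions W.L.L_pdf", SAMPLE_RTF),
                        ("quote.zip", sample_zip()), ("spec.pdf", SAMPLE_PDF)]:
        print(fname, "->", triage_attachment(fname, blob))
```

A non-empty result is a reason to quarantine the message for sandbox analysis, not proof of malice; an RTF with an embedded object can be legitimate.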

The malware used in these attacks belonged to families that are popular among cyber-criminals, such as ZeuS, Pony/FareIT, LokiBot, Luminosity RAT, NetWire RAT, HawkEye, ISR Stealer and iSpy keylogger. “The phishers selected a toolset that included the functionality they needed, choosing from malware available on cyber-criminal forums. At the same time, the malware was packed using VB and .NET packers – a distinct feature of this campaign. To evade detection by security tools, the malicious files were regularly repacked using new modifications of the same packers,” said the researchers.

At least eight different Trojan-Spy and Backdoor families were used in the attacks. Further research found that the domain names of some of the malware command-and-control servers used by the attackers mimicked domain names used by industrial companies – “more proof that the attacks were primarily targeting industrial companies,” said researchers. They added that most domains used for malware C&C servers were registered to residents of Nigeria.

Researchers warned that it would be very dangerous if, because of an infection, cyber-criminals were able to gain access to computers that are part of an industrial control system (ICS). “In such cases, they can gain remote access to the ICS and unauthorised control over industrial processes,” said researchers. Owen Connolly, vice president services (EMEA) at IOActive, told SC Media UK that this attack is not actually targeting industrial control systems or operational technology.

“It’s just targeting users that work for large companies. The fact that those companies may also have OT systems could just be coincidence, not correlation,” he said. Mark James, security specialist at ESET, told SC Media UK that scammers are opportunistic. They understand they need to adapt and will change their tactics to get the best result. “With the 419 scams being so synonymous with the public, the scope for business users being victims is massive. We also need to consider the scope for larger, single successful attacks reaping the benefits much quicker than the smaller, and often much harder, sells through the public,” he said.

Javvad Malik, security advocate at AlienVault, told SC that organisations dealing with industrial control systems may not be as savvy to scams as financial services, so it could be that the success rate of targeted emails is higher. “Allowing criminals to make quick money. On the other hand, it could allow criminals to implant malware on industrial control systems, or at least on systems that support the ICS. This can then be allowed for further nefarious purposes such as deploying ransomware – or selling on the access to other criminals or even nation states,” he said.

Hamilton Nwosa