Africa's cybercrime gangs move way beyond 419 scams

News by Tim Ring

African cyber-criminals have expanded far beyond the simple '419' Nigerian scams they are notorious for, and are now using sophisticated botnets, RATs and targeted attack techniques, according to Trend Micro.

In an 11 August blog post, Trend warns that the region's criminals are running campaigns to deliver banking malware like Zeus/ZBOT, and using botnets in targeted attacks to launch remote access Trojans (RATs) like the Blackshades toolkit to steal passwords, log keystrokes, launch denial of service attacks and download and run malware.

Trend says web defacement is also a major cyber-crime activity in north Africa, with hacker groups in Morocco, Algeria, Tunisia and Egypt. They typically aim to deface websites in the US, Europe and elsewhere with messages relating to current events or political causes.

Trend has also tracked cyber-criminals based in Nigeria using the Ice IX banking Trojan alongside Zeus to steal online banking credentials, email and social media account details.

Nigeria became notorious in the early 2000s as the original home of the 419 scam, where people were conned into making payments in exchange for a reward to help supposedly high-ranking government officials and their families.

But Trend says that, partly driven by the region's poverty: “More and more people are turning to cyber-crime as a lucrative business.”

It explains: “Africa isn't the only region experiencing this type of cyber-criminal expansion. We are seeing the same indicators in India. The adoption of such methodologies could be traced back to the society these cyber-criminals live in, wherein some of them are highly educated but without any employment prospects.

“Moreover, the shortage of laws related to cyber-crime - and the lack of enforcement for existing laws - in these countries make it difficult to catch and apprehend these criminals.

“However, only time will tell if these cyber-criminals will shift yet again - this time, to being major players in targeted attack groups.”

Commenting on the report, cyber industry watcher Fran Howarth, a senior security analyst at Bloor Research, feels African cyber crime has been boosted by the developing internet infrastructure.

She said via email: “Whilst Africa suffers relatively low levels of losses to cyber-crime, malicious deeds look set to increase rapidly. One of the reasons for this is that infrastructure in Africa has been developed considerably in recent years, with cables now reaching most of the continent. Yet defences are likely to be relatively immature, which tends to lead to more opportunities for cyber-criminals.”

Howarth added: “We can expect to see a dramatic increase in online attacks, as has been seen in South Africa, especially those that are banking or finance-related, since the banking sector is so under-developed comparatively.

“Africa, with Kenya leading the way, is spearheading growth in the use of mobile payments, where few standards have yet been developed, and which could be a boon for cyber criminals.”

But John Walker, director at security consultancy firm ISX and visiting Professor at Nottingham-Trent University's School of Science and Technology, believes that focusing on one area could distract from the fact that cyber-crime is flourishing across the globe.

He said by email: “I feel it is a mistake to isolate one particular region. The fact is, no matter the demographic - be it China, Russia, the Middle East, the US or even the UK - we have allowed cyber-criminals to evolve and to gain a grip, and the mistake has been compounded by tolerance. Cyber-crime is a flourishing trade, and one that applies a high degree of imagination, which we must match if we are to stand any chance of denting this growing threat.”

Rik Ferguson, global VP of security research at Trend Micro, said via email that he agreed with John Walker that “it is a mistake to isolate one particular region” but added: “It is more of a mistake to ignore specific factors in individual areas that facilitate the growth of online crime. There are certain areas that are hotbeds of criminal innovation, providing most of the tools and modus operandi replicated or purchased globally. Africa is on the verge of becoming both a major consumer as well as an innovator with a specific skillset and ecosystem (mobile payments) not present in other areas. It would be short-sighted to ignore it.”

He adds: “The rise in cybercrime originating from the African continent means security professionals in the UK (and the rest of the world) have a new and developing hotbed of criminal innovation to contend with, alongside the traditional trouble-spots such as China, Brazil, Russia and former Eastern Bloc countries. Boosted by the expanding connectivity available on the African continent, already established criminal networks are expanding their operations globally.”

Ferguson said the cyber threat from Africa is currently low compared to other regions, but explained: “The current exponential growth for the connected user base alongside the available bandwidth represents not only a breeding ground for new cyber criminal groups, but also a very rich target population for criminal groups already established elsewhere.”

In separate news, Trend Micro has released its global Q2 ‘2014 Security Roundup’ report, which shows the UK remains the country with the highest number of botnet command and control (C&C) servers, and botnet connections, in the world. Trend also reports that the “demise” of Windows XP seemingly pushed attackers to change tactics, with ransomware moving to the Android platform and the Operation Emmental attack using mobile SMS messages to target bank customers. Fake anti-virus also made a comeback with ‘Virus Shield’.
