Nigerian BEC scammers a global threat

News by Robert Abel

Nigerian actors continue to launch their attacks against the breadth of all industry segments - the high-tech industry received the greatest number of attacks, climbing from 46k to 120k over the past year.

Palo Alto Networks Unit 42 researchers have actively monitored the evolution of SilverTerrier Nigerian Business Email Compromise (BEC) threat actors.

The threat actors have been attributed to more than 51,000 malware samples and 1.1 million cyber-attacks over the last four years as they are gaining experience quickly as they adopt new technologies, techniques, and malware to advance their schemes, according to a 9 May blog post.

Researchers said that while BEC scams are a global threat, the focus on Nigerian actors provides insight into one of the world’s largest subcultures given the country’s historic ranking as a top five hotspot for cyber-crime.

Between 2018 and 2019 the VirusTotal detection rates slightly improved from 53 percent to 58 percent but researchers noted the low number lends credence to and highlights the significance of the threat that this malware employment technique poses to organizations relying on traditional signature-based detection capabilities.

"In addition to impressive growth, Nigerian actors continue to launch their attacks against the breadth of all industry segments," the report said. "Our data shows that the high-tech industry received the greatest number of attacks, climbing from 46k to 120k over the past year."

The wholesale industry followed as the second most targeted industry and has witnessed a 400 percent growth in attacks from 2017, manufacturing observed an uptick in attacks from 32,000 to 57,000 but dropped one position to become the third most targeted industry, and professional and legal services securing fourth and fifth most targeted industries, respectively.

SilverTerrier actors are also gaining more experience as the adopt new malware, tools, and techniques to advance their schemes and so far have used 20 different commodity malware tools in the last four years.

The cyber-gang was also noted for using information stealers such as AgentTesla, Atmos, AzoRult, ISpySoftware, ISR Stealer, KeyBase, LokiBot, Pony, PredatorPain and Zeus all of which were designed to capture screenshots, passwords, or other sensitive files.

In addition, researchers noted the gang’s use of Remote Administrations tools at an average production of 533 samples per month, representing a gain of 36 percent over the previous year, nearly half that of information-stealers.

BEC scams remain one of the most profitable and widespread threats popular among cybergangs with recent reports quantifying global losses in excess of US$ 12.5 billion (£9.7 billion), researchers said. Businesses should always ensure their systems are up to date, ensure staff is properly trained, and use anti-malware and firewall protection.

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike