Recently, Palo Alto Networks, known as one of the leaders in enterprise security, reported that cyber criminals in Nigeria have evolved massive malware campaigns to infiltrate businesses which have not previously been their primary targets.
The new report, “419 Evolution,” released by Unit 42, reveals how hackers based in Nigeria are now using the same tools that more sophisticated criminal and espionage groups often deploy to steal business-critical data from enterprises.
The Nigerian hackers are infamous for running easily spotted “419” phishing scams, attempting to obtain credit card details or personal information from individuals. However, during the past few years, cyber criminals have expanded their skills to target businesses using more advanced techniques.
Researchers from Palo Alto Networks discovered these activities and techniques, code-named Silver Spaniel, using WildFire, which rapidly analyzes cyberthreats in a cloud-based, virtual sandbox environment.
Key research takeaways:
- Nigerian criminals use Remote Administration Tools (RATs) available through underground forums, including commercial RATs such as NetWire, which provide complete control over infected systems.
- In the past, attacks similar to Silver Spaniel may have come from Eastern Europe or a hostile espionage group. Businesses haven’t dedicated resources to these potentially impactful spammers from Nigeria.
- Traditional antivirus programs and legacy firewalls are ineffective because Silver Spaniel attacks are specifically designed to evade those technologies.
“These Silver Spaniel malware activities originate in Nigeria and employ tactics, techniques and procedures similar to one another. The actors don’t show a high level of technical acumen, but represent a growing threat to businesses that have not previously been their primary targets.” — said Ryan Olson, Unit 42 Intelligence Director, Palo Alto Networks.
To protect against the NetWire RAT, Palo Alto Networks has released a free tool to decrypt and decode command and control traffic and reveal data stolen by Silver Spaniel attackers.