The New Nigerian Email Swindle
By NICOLE PERLROTH
New York Times
July 22, 2014 11:02 am
Call it the Nigerian email swindle 2.0.
In the last three months, security researchers at Palo Alto Networks, the Silicon Valley-based security firm, have been tracking a series of cyberattacks affecting clients based in Taiwan and South Korea. The attacks, Palo Alto Networks said in a new report to be released on Tuesday, originate in Nigeria and are being orchestrated by some of the same people behind the Nigerian 419 swindle, in which fraud artists try to trick foreign victims into transferring money to their bank accounts.
The latest attacks, researchers say, are an example of how even unsophisticated actors can buy off-the-shelf hacking tools that allow them to spy on, and eventually steal from, victims without being detected by traditional antivirus products.
The researchers said they have been tracking this particular criminal operation, which they call Silver Spaniel, for months. The attacks begin, as so many do, with a malicious email attachment. (Ah, yes, dear reader, yet another example of the dangers of wanton clicking.) Once the attachment is clicked, victims inadvertently download malicious tools onto their devices; one, NetWire, is capable of remotely taking over a Windows, Mac OS or Linux system, and another, DataScrambler, makes sure the NetWire program is undetectable by antivirus products.
Researchers said the attackers did not design the tools themselves, but got them from other hackers on underground hacking forums. DataScrambler can be leased for between $25 and $60, depending on how long criminals want to remain undetected as they record their victims’ keystrokes.
Palo Alto Networks said it had traced the attacks to criminals in Nigeria because many of them did not take steps to mask their I.P. addresses. In one case, the researchers said they had discovered a Nigerian who made repeated mentions of his use of the malware on his Facebook page, where his cover photo features a wad of $100 bills. The same person made comments about popular email frauds two years ago, the researchers said.
“In the past, the main target of Nigerian scammers has been wealthy, unsuspecting individuals, but the Silver Spaniel attacks thus far in 2014 indicate their target has shifted toward businesses,” Palo Alto Networks noted in its report.
Palo Alto Networks suggests a number of ways businesses can mitigate Silver Spaniel-style attacks: by blocking and inspecting attachments containing malicious files, for instance, and by blocking access to compromised servers that are noted in its report.