Nigerian BEC scam hits 500 companies in 50 countries
Nigerian scams have been going on for a while in recent years, making the public generally aware of them. Recently, they have been targeting large industries, hitting 500 companies in 50 countries using BEC (Business E-mail Compromise). Cost estimates, network diagrams, technical drawings, and project plans were among sensitive data that was compromised.
Among the top hit countries was the United Arab Emirate, Russia, India, and Germany. The e-mail scams come with an old Microsoft Word exploit known as CV-2015-1641 or macros and OLE objects that allows you to download files that are malicious. On top of that, .NET and VB packers from 8 various families such as Zeus, LokiBot, Pony, and other RATs were being used for data sniffing.
The attack may be carried out in three different ways. If the scammer is able to compromise the website of the companies, then they would host their C&C on it. If they were able to compromise an e-mail, then they would send malicious e-mails to other executives of other companies. If access has not been secured, then they would mimic the domain name of the company and set up their C&C.
To conclude, Kaspersky Lab researchers who found out about this attack stated that although these attacks are not new, industrial focus has risen and will not eventually disappear soon. We can expect more of them to come therefore it is critical for companies to be aware and trained at preventing scams and phishing attempts.
Source: threatpost