Those Nigeria-based cybercriminals that send emails that promise unsuspecting individuals of millions of dollars in exchange for a small upfront deposit are now infiltrating businesses with advanced techniques, warns a security export.
419 Evolution, a new report released today from Unit 42, the Palo Alto Networks threat intelligence team, explains how Nigeria-based scammers are now using the same tools more sophisticated criminal and espionage groups often deploy to steal business-critical data from enterprises.
Nigerian criminals are infamous for running easily-spotted “419” phishing scams that attempt to collect credit card details or personal information from individuals, but over the past few years have expanded their skills to target businesses using more advanced techniques.
Palo Alto Networks researchers discovered these activities and techniques, code-named Silver Spaniel, using WildFire, which rapidly analyzes cyberthreats in a cloud-based, virtual sandbox environment.
Among other techniques, Nigerian criminals use Remote Administration Tools (RATs) available through underground forums, including commercial RATs such as NetWire, that provide complete control over infected systems.
Attacks similar to Silver Spaniel in the past may have come from Eastern Europe or a hostile espionage group; businesses haven’t traditionally dedicated resources to these potentially impactful spammers from Nigeria.
Traditional Antivirus programs and legacy firewalls are ineffective because Silver Spaniel attacks are specifically designed to evade those technologies
“These Silver Spaniel malware activities originate in Nigeria and employ tactics, techniques and procedures similar to one another. The actors don’t show a high level of technical acumen, but represent a growing threat to businesses that have not previously been their primary targets,” says Ryan Olson , Unit 42 Intelligence Director, Palo Alto Networks.