Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Nigerian Scammers. Show all posts

INTERPOL Arrests Three Nigerians in Relation with a Global Scam 

 

Three Nigerian men were arrested and convicted as a result of an Interpol-led operation code-named Killer Bee. They were accused of using a remote access trojan (RAT) to reroute bank transactions and steal business credentials. Two possible accomplices were also apprehended. 

The trio, aged 31 to 38, was apprehended as part of an 11-country sting operation involving law enforcement agencies from Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Nigeria, the Philippines, Singapore, Thailand, and Vietnam. 

Agent Tesla is a prominent "malware-as-a-service" Remote Access Trojan (RAT) tool used by malicious attackers to collect information like credentials, keystrokes, and clipboard data from the victims. It was initially identified in late 2014. 

Due to Agent Tesla's stability, flexibility, and functionality, which allows for the sampling of sensitive data and exfiltration from the victim, it is used by both cybercriminal groups and actors involved in espionage operations. 

While the authorities did not say how much money the hackers allegedly took, the companies targeted included oil and gas enterprises in Southeast Asia, the Middle East, and North Africa. As per INTERPOL arrested three Nigerians in relation with a global scam The other two men are still facing charges. As per Interpol, one of the scammers, Hendrix Omorume, was prosecuted and convicted of three counts of significant financial fraud and now risks a sentence of 12 months in prison. The other two men are still facing charges.

Interpol and the Nigerian Police Force, with the help of various cybersecurity firms (Group-IB, Palo Alto Networks Unit 42, and Trend Micro), identified a 37-year-old Nigerian man as one of the SilverTerrier cybercrime group's commanders last week.

"Cybercrime is growing at a rapid pace, with new trends continuously appearing," stated Abdulkarim Chukkol, Director of Operations at the EFCC. INTERPOL and the EFCC collaborate on operations like Killer Bee to keep up with emerging technologies, understand the opportunities they provide for criminals, and how they may be used to combat cybercrime.

Nigerian Scammers Specializing in BEC Attacks Continue to Mature

 

Cybersecurity researchers at Palo Alto Networks Unit 42 have actively tracked the evolution of SilverTerrier Nigerian Business Email Compromise (BEC) threat actors. 

From 2014 to the present, researchers have uncovered over 170,700 samples of malware directly linked to Nigerian BEC actors. These samples have been noticed in over 2.26 million phishing attacks targeting users across all industries worldwide.

Evolution of Nigerian threat actors 

Business email compromise (BEC) attacks are one of the most financially damaging cybercrimes and have been on the rise over the past seven years. The Nigerian threat actors dubbed SilverTerrier, have contributed greatly to this growth. These threat actors are responsible for collectively producing more than 170,700 samples of malware directly linked to 2.26 million attacks, according to Palo Alto Network findings. 

SilverTerrier specializes in business email compromise attacks, the kind of email fraud in which scammers impersonate a target’s coworker or friend, then ask for wire transfers. The focus on Nigerian threat actors provides insight into one of the world’s largest subcultures given Nigeria’s historic ranking as a top-five hotspot for cybercrime. 

When first discovered in 2014, SilverTerrier included only a few individuals experimenting with commodity malware. Presently, it has 540 individual threat actors performing attacks worldwide.

Researchers at Palo Alto Networks have traced one such individual named, Onuegwu Ifeany, who studied computer science at Imo State University and launched Ifemonums-Solution LTD as a legitimate business venture in late 2014. That same year, he began his criminal activities, and from 2014 until his arrest, he registered over 150 malicious domains for personal use and to support other actors. Many of these domains also served as command-and-control infrastructure for over 2,200 samples of malware, including Pony, LokiBot, PredatorPain, ISRStealer, ISpySoftware, Remcos, and NanoCore.

Over the past seven years, researchers have also discovered over 10 different commodity information stealer families employed by SilverTerrier actors, with more effective tools being adopted over older ones. Since 2014, the threat actors have employed 13 RAT families, with LuminosityLink, NJRat, Quasar, and WarZone dropping in popularity over time, but Netwire, DarkComet, NanoCore, Remcos, ImminentMonitor, Adwind, Hworm, Revenge, and WSHRat are still actively used. 

How to protect yourself against BEC attacks? 

According to GreatHorn report, nearly 50% of all BEC attacks result from the spoofing of an individual’s identity in the display name. Among those spear phishing emails, cybercriminals are also using company names (68%), names of individual targets (66%), and the name of boss/managers (53%) to conduct their attacks. By following the steps given below you can mitigate the risks: - 

  • Avoid free web-based e-mail accounts 
  • Enable multi-factor authentication for business email accounts
  • Don’t open any email from unknown parties
  • Secure your domain 
  • Double-check the sender’s email address
  • “Forward,” don’t “reply” to business emails 
  • Know your customers and vendor’s habit 
  • Always verify before sending money or data