Nigerian cyber hackers and online criminals are suspected of plotting a grand theft, stealing information and money amounting to billions of dollars internationally.
According to the authorities, these criminals pursued their plan by sending malicious emails to established commercial companies. The emails are designed to obtain valuable data such as usernames, passwords and credit card information. With 22,143 companies affected by the scheme, the FBI declared that these online attacks have stolen an estimated 3 billion dollars. Most of the companies operate in the transportation and logistics industry, and the majority are based in the UAE, Russia, Germany and India.
The internet security company Kaspersky Lab has further reported that more than 500 companies in at least 50 countries are under attack as well. The company released a blog post explaining that the cyber hackers were able to steal floor plans, structure diagrams and technical drawings, exposing how the electrical structure of the companies' networks works.
Upon analysis, researchers found that these business emails looked genuine enough to fool people. They even carried supporting details, such as attachments named “Saudi Aramco Quotation Request for October 2016”, “Energy & Industrial Solutions W.L.L_pdf” and “Woodeck Specifications best Prices Quote.uue”. The malicious emails are well crafted and look highly legitimate.
The emails convey a sense of urgency, pushing recipients to check the details as soon as possible to clarify the goods and products listed in the attached delivery note. These bait attachments consist of RTF files containing an exploit for the CVE-2015-1641 vulnerability. Files in various other formats are also used to download highly valuable files. Kaspersky also found that the malicious files are programmed to gather confidential information and to install furtive remote administration tools on infected systems in the victims' networks.
Using Whois, Kaspersky also discovered that the domains used to host the malware trace back to registered Nigerian residents. These cyber hackers present highly legitimate-looking business emails to steal bank account details. The malware used in these scams belongs to families that are well known among cyber hackers. The list includes Luminosity RAT, ZeuS, iSpy keylogger, HawkEye, NetWire RAT and LokiBot. Further research concluded that eight different Backdoor and Trojan-Spy families were used in the $3 billion grand theft attack.