Cybersecurity warning: These scammers are looking for a way into your email accounts

Increasingly mature cyber-criminal operations are becoming more successful at using email to help steal large amounts of money from targets, warns report.
Written by Danny Palmer, Senior Writer

Business email compromise (BEC) attacks have more than doubled in the past year as cyber criminals try to use their email scams against big businesses.

This form of cyber crime is often based around scammers pretending to be someone known to the victim – a colleague, a contractor, or maybe even their boss – and asking for a large sum of money to be transferred, often under the guise of a business deal or payment.

But before getting to this point, campaigns will infiltrate networks – often by using phishing attacks and malware – and observe business activity and relationships in order to find the right time to launch their scam.

According to the FBI, BEC attacks have cost organisations $26 billion in the last three years.

A new report from Palo Alto Networks examines BEC operations working out of Nigeria during 2019. The report details how these scammers, dubbed SilverTerrier, are behind millions of attacks and are "dominant" when it comes to this form of crime. However, the paper also points out that SilverTerrier isn't a single entity, but rather a collection of loosely affiliated groups and individuals that, while closely linked, aren't necessarily operating as a coherent unit.

During 2019, SilverTerrier was performing an average of 92,739 attacks a month, representing a 172% increase compared to 2018. June was the busiest month of activity, with researchers detecting evidence of 245,637 attacks that month alone. The results are based on data collected by monitoring attempted attacks against Palo Alto Networks' customers – meaning the true extent of the campaigns is likely to be much larger and the number of attacks is likely to continue to grow.

"BEC attacks continue to rise because they are easy to execute, cost little from an attacker standpoint, are profitable, and are very difficult for law enforcement to prosecute across international borders," Pete Renals, principal researcher for Unit 42 at Palo Alto Networks, told ZDNet.

The professional legal services industry saw a large rise in attacks during 2019, with almost 300,000 attacks detected. While the reasons for the increase in targeting this sector aren't known, it does demonstrate how BEC scams can be highly flexible in choosing victims – although some organisations are targeted more than others.

According to the report, the high-tech industry was the most targeted in 2019, with 350,000 detected attacks – a figure more than double that of the previous year.

Manufacturing, education and retail are also common targets for attacks, most likely because these sectors deal with supply chains and lucrative business contracts. That makes them ideal for attackers, who infiltrate their email before posing as a trusted contact and making off with a large sum of money.

Many of these campaigns involve the use of off-the-shelf commodity malware to help move campaigns along, because installing malware on a target's machine can provide huge insights into how they and their contacts operate, making it easier to compile a convincing – and therefore successful – attack.

One of the most common forms of trojan malware used in attacks is NanoCore, which has seen a sharp rise in use by SilverTerrier and Netwire, and while not as popular as it previously was with the group, is still providing them with results – as demonstrated by the rise in attacks.

While there have been some instances of indictments and arrests against Nigerian email scammers, it's unlikely that the campaigns will be stopping any time soon; rather, the attackers are going to get more ambitious than ever.

"We expect the group to continue growing in terms of actors, groups, global losses, and attacks. We anticipate that actors will continue to adopt new commodity remote administration tools over information stealers. We also expect to see growing exploitation of common CVEs to embed their malware in files such as Word documents, Excel sheets, and PDFs," said Renals.

With phishing attacks one of the most common threats in BEC campaigns, organisations should ensure their staff are trained to identify potentially suspicious emails and that they know how to report them to the information security team. Using multi-factor authentication on email can also create an additional barrier to BEC campaigns, because scammers can't so easily take over email accounts to pose as others to ask for payments. 

