Experts have alleged that Nigerian hackers and cyber criminals have masterminded a grand theft of information and money running into billions of dollars, worldwide.
The report says the hackers operate by sending phishing emails to commercial organizations and industrial enterprises, which they then steal from.
The FBI estimates that these phishing attacks have cost companies over $3 billion. The number of affected companies exceeds 22,143, NAN reports.
Kaspersky Labs, an internet security company, said it has found over 500 companies that are under attack in at least 50 countries.
In a blog post, Kaspersky said the cyber-criminals managed to steal technical drawings, floor plans and diagrams showing the structure of electrical and information networks.
It also discovered that the malicious files are intended to steal confidential data and install stealthy remote administration tools on infected systems.
Emails received by victims looked authentic enough to fool people. Some had attachments with names such as “Energy & Industrial Solutions W.L.L_pdf”, “Woodeck Specifications best Prices Quote.uue” and “Saudi Aramco Quotation Request for October 2016”.
The emails ask the recipients to check information as soon as possible, clarify product pricing or receive goods specified in the delivery note attached.
The malicious attachments contain RTF files with an exploit for the CVE-2015-1641 vulnerability.
Kaspersky found that the domains used to host the malware were registered to residents of Nigeria. Once in, the hackers compromise a legitimate email and change the bank account details.
The malware used in these attacks belonged to families that are popular among cyber-criminals, such as ZeuS, Pony/FareIT, LokiBot, Luminosity RAT, NetWire RAT, HawkEye, ISR Stealer and iSpy keylogger.
“The phishers selected a toolset that included the functionality they needed, choosing from malware available on cyber-criminal forums. At the same time, the malware was packed using VB and .NET packers – a distinct feature of this campaign. To evade detection by security tools, the malicious files were regularly repacked using new modifications of the same packers,” said the researchers.
At least eight different Trojan-Spy and Backdoor families were used in the attacks.
They added that most domains used for malware C&C servers were registered to residents of Nigeria.