A large spree of Cyber-attacks which aims to infect networks, steal information and commit fraud has impacted over 4,000 organisations globally in the past 4 months. Some of the companies hit include leading international names in the banking, manufacturing, construction and oil and gas industries across Germany, Croatia, Abu Dhabi, Egypt, Kuwait and Dubai.
Attacks of this nature and scale tend to be accredited to cyber-criminal gangs, many of which are state funded with the aim of destabilising economies. However, in this case, this couldn’t be further from the truth. Researchers have discovered that these attacks are the work of a Nigerian man in his 20s who works on his own near the Nigerian capital. Funnily, on his personal Facebook page he uses the phrase, “Get Rich or Die Trying”.He started the APT style attacks back in April 2017, using fraudulent emails which appear to come from Saudi Aramco (The world's second largest daily oil producer), targeting financial employees within companies to try and get them to open malware-infected attachments or phish them for company bank details. He has also been using a remote-access trojan which allows full control over infected machines and a basic key-logging program.
Even though this individual has been using a generic malware and low-quality phishing emails, he has still been able to successfully infect over 14 organisations and earn thousands of dollars. One would question both the level or lack of Email Security and employee phishing awareness training.
Business email compromise attacks have increased dramatically over the past 18 months. The FBI reported a 270 per cent rise in victims since the start of 2016. Victims lose $50,000 on average. This class of fraud is estimated to have cost organisations globally over $3bn from 2013 to 2016. Business leaders need to be more aware of the rising rates of cybercrimes and invest sufficiently in protecting their organisation’s resources including their employees.
Publish Date: Aug 21, 2017 5:30:34 PM