Nigerian Cyber Threat Actor Changes Tactics
Business email compromise (BEC) scams have grown substantially and are continuing to target lucrative businesses, especially the high-tech sector. Nigerian threat actors, dubbed SilverTerrier, are leading the most BEC campaigns with over 1.1 million attacks launched over the last three years. There has been a shift in technique from information stealers, such as AgentTesla and LokiBot, to remote access tools (RATs). This new technique provides more capabilities to obtain useful information about potential victims. The most common RATs used are NanoCore and Netwire. The FBI’s Internet Crime Complaint Center (IC3) Recovery Asset Team received a total of 351,936 BEC complaints in 2018, reporting a loss of over $2.7 Billion. A Unit 42 research team has made a listcomprised of over 18,000 malware domains associated with BEC. The NJCCIC recommends users verify the source and instructions of any monetary transaction or other unusual request received via email through a separate means of communication. We advise users to pay special attention to any red flags in the email, such as poor spelling and grammar, and a sense of urgency. Users may report BEC scams to either IC3 or the NJCCIC.