Palo Alto Unit 42: Nigerian cybercrime gang SilverTerrier is growing. It has over 400 individual actors and in the past four years it launched 1.1 million attacks with more than 51,000 malware. The malicious hackers target all industry sectors with Business Email Compromise (BEC) schemes
Nigerian cybercrime gang SilverTerrier is growing. It has been discovered by Palo Alto Unit 42 cyber security experts, who are monitoring the malicious hackers. According to the researchers, now it includes over 400 individual actors and evolve it’s evolving. From advance fee and 419 scams to business email compromise (BEC) and malware distribution. The cyber criminals are attributed to over 51,000 malware samples and 1.1 million attacks over the past four years. Moreover, in 2018 there has been a 54% increase in cyber attacks. The targets are all industry segments. Especially High Tech, Wholesale, Manufacturing, Education and Professional/Legal Services. These actors predominately rely on email to distribute their malware, often linked to BEC campaigns. Those schemes are one of the most profitable and widespread activities amongst cyber criminals with recent reports quantifying global losses in excess of US$12.5 billion.
The cyber security experts: The cybercrime gang use essentially 2 different kind of malware: Information Stealers and Remote Administration Tools (RAT). In 2018 the first declined and the second increased
According to the cyber security experts, SilverTerrier actors are gaining experience quickly as they adopt new technologies, techniques, and malware to advance their BEC schemes. Over the course of the past four years, the cybercrime gang adopted and used 20 different commodity malware, leveraging a variety of constantly evolving “crypters” to obfuscate the tools. Those are essentially Information Stealers and Remote Administration Tools (RAT). In the first category there are AgentTesla, Atmos, AzoRult, ISpySoftware, ISR Stealer, KeyBase, LokiBot, Pony, PredatorPain, and Zeus. In the second, NetWire, DarkComet, NanoCore, LuminosityLink, Remcos, ImminentMonitor, NJRat, Quasar, Adwind, and HWorm (Houdini Worm). Unit 42 data from 2018 shows that information stealing malware families remain in common use, with Nigerian cyber criminals producing an average of 1000 samples per month. However, it declined 26%, signaling a shift to more capable RATs, which saw a 36% increase and an average production of 533 samples per month.
Photo Credits: FBI