What's the biggest threat to global organizations? Cyber-gangs? Nation-states?

Over 4,000 organizations have been targeted by a 20-year-old Nigerian operating outside the capital using fraudulent emails to try to compromise employees.

“Successful attacks on this scale are usually attributed to expert gangs of cybercriminals—often backed by a nation-state, with the aim of destabilizing economies,” Check Point researchers said. “[Instead], he is a Nigerian national, working on his own. On his social media accounts, he uses the motto ‘get rich or die trying’.”

His fraudulent emails are meant to appear as coming from oil and gas giant Saudi Aramco with the intent to reveal company bank details or implant malware.

“It’s particularly striking that his techniques display a low level of cyber-skills,” the researchers said. “His fraudulent emails are crude and unsophisticated; there is almost no research or social engineering involved in creating them. The titles of the emails are generic, and phrased as “Dear Sir/Ms.” The same mail is sent to numerous targets, all in blind carbon copy, urging victims to send back banking details, perhaps for future scams.”

“In addition to the financial losses resulting from the attack, the malware used by the criminal to infect organizations gives remote control over infected machines, and can perform keylogging functions,” researchers explained “This enables harvesting of a variety of information from infected machines, such as details on the companies’ operations, assets and intellectual property. These can have a value far greater than the thousands of dollars obtained by fraud. What happens when the hackers realize the real value of these assets and start to exploit them?”

CheckPoint has contacted Nigerian authorities as well as international law enforcement.

Source: Info Security