419 Evolution, released a new report, from Unit 42, the team of Palo Alto Networks threat intelligence, which explains how Nigeria-based scammers are now using the tools, which are often deployed by more sophisticated criminal and espionage groups to steal business-critical data from enterprises.
These criminals are infamous for running easily-spotted 419 phishing scams attempting to collect credit card details or the personal information from individuals, but over the past few years they have expanded their skills to, by targeting businesses, and using more advanced techniques.
The researchers of Palo Alto Networks, discovered these activities and techniques, a code-named Silver Spaniel, using WildFire, which rapidly analyzes cyber threats in a cloud-
based, virtual environment.
Among other techniques, the criminals use Remote Administration Tools (RATs) available through underground forums, including commercial RATs such as NetWire,
providing complete control over infected systems.
Attacks similar to Silver Spaniel in the past may have come from Eastern Europe or a hostile espionage group.
Also, Traditional Antivirus programs and legacy firewalls are ineffective, because Silver Spaniel attacks are designed specifically to evade those technologies.
These Silver Spaniel malware activities originate in Nigeria and employ tactics, techniques and procedures similar to one another.
The actors dont show a high level of technical acumen, but represent a growing threat to businesses that have not previously been their primary targets, said Ryan Olson, Unit 42 Intelligence Director, Palo Alto Networks.