A crude but dangerous email-based social engineering scam has been targeting small-to-medium-size businesses in the U.S., U.K. and India since early 2015, infecting victims’ computers with remote access trojans (RATs), the Symantec Security Response blog warned today.
Because their primary motivation is money, the attackers are sending emails designed to attract the attention of employees working in SMB companies’ finance departments, the blog post stated. These phishing emails come from spoofed or stolen accounts with subject heads such as “Re:Invoice” and “Remittance Advice.”
When recipients click on file attachments, they unknowingly download malware that gives the cybercriminals virtually unfettered access to users’ computers, allowing them to steal credentials and use them to transfer funds into their own accounts. Thus far, the perpetrators have relied on two publicly available RATs, Backdoor.Breut and Trojan.Nancrat, which grant backdoor access to a computer’s files, webcam and microphone, and allow hackers to log keystrokes. In some cases, the criminals have even downloaded manuals from the victims’ computers to learn how to operate and exploit their financial software.
According to Symantec, 56 percent of the scam’s reported victims were based in India, 23 percent were based in the U.S. and 21 percent in the U.K. Intelligence suggested this network of cybercriminals is relatively small in number and likely based in Europe or the U.S., the blog post added. The hackers didn’t appear to be targeting any specific industry or companies; they are merely looking for businesses that can be easily compromised.
Though the tactics here are fairly simplistic, “It’s important to remember that less skilled attackers can still cause major damages to a targeted company,” said Gavin O’Gorman, principal intelligence analyst at Symantec, in a statement to SCMagazine.com. “The attackers in this case used basic social-engineering tactics to gain access, which proved to be successful in spreading RATs quickly and effectively.”