SilverTerrier cybergang evolving new techniques for BEC scams

Palo Alto Networks Unit 42 researchers have actively monitored the evolution of SilverTerrier Nigerian Business Email Compromise (BEC) threat actors.

The threat actors have been attributed to more than 51,000 malware samples and 1.1 million cyber attacks over the last four years, and they are gaining experience quickly as they adopt new technologies, techniques, and malware to advance their schemes, according to a May 9 blog post.

Researchers said that while BEC scams are a global threat, the focus on Nigerian actors provides insight into one of the world’s largest subcultures given the country’s historic ranking as a top five hotspot for cybercrime.

Between 2018 and 2019, the VirusTotal detection rates improved slightly from 53 percent to 58 percent, but researchers noted that the low number lends credence to and highlights the significance of the threat that this malware employment technique poses to organizations relying on traditional signature-based detection capabilities.

“In addition to impressive growth, Nigerian actors continue to launch their attacks against the breadth of all industry segments,” the report said. “Our data shows that the high-tech industry received the greatest number of attacks, climbing from 46k to 120k over the past year.”

The wholesale industry followed as the second most targeted industry and has witnessed a 400 percent growth in attacks from 2017. Manufacturing observed an uptick in attacks from 32,000 to 57,000 but dropped one position to become the third most targeted industry, while professional and legal services were the fourth and fifth most targeted industries, respectively.

SilverTerrier actors are also gaining more experience as they adopt new malware, tools, and techniques to advance their schemes, and so far have used 20 different commodity malware tools in the last four years.

The cybergang was also noted for using information stealers such as AgentTesla, Atmos, AzoRult, ISpySoftware, ISR Stealer, KeyBase, LokiBot, Pony, PredatorPain and Zeus, all of which were designed to capture screenshots, passwords, or other sensitive files.

In addition, researchers noted the gang’s use of remote administration tools at an average production of 533 samples per month, representing a gain of 36 percent over the previous year, nearly half that of information-stealers.

BEC scams remain one of the most profitable and widespread threats popular among cybergangs, with recent reports quantifying global losses in excess of $12.5 billion, researchers said. Businesses should always ensure their systems are up to date, ensure staff is properly trained, and use anti-malware and firewall protection.
