Application security, Threat Management, Incident Response, Malware, TDR

Social engineering scam targets SMBs with trojans, report warns

A crude but dangerous email-based social engineering scam has been targeting small-to-medium-size businesses in the U.S., U.K. and India since early 2015, infecting victims' computers with remote access trojans (RATs), the Symantec Security Response blog warned today.

Because their primary motivation is money, the attackers are sending emails designed to attract the attention of employees working in SMB companies' finance departments, the blog post stated. These phishing emails come from spoofed or stolen accounts with subject heads such as “Re:Invoice” and “Remittance Advice.”

When recipients click on file attachments, they unknowingly download malware that gives the cybercriminals virtually unfettered access to users' computers, allowing the attackers to steal credentials and use them to transfer funds into their own accounts. Thus far, the perpetrators have relied on two publicly available RATs, Backdoor.Breut and Trojan.Nancrat, which grant backdoor access to a computer's files, webcam and microphone, and allow hackers to log keystrokes. In some cases, the criminals have even downloaded manuals from the victims' computers to learn how to operate and exploit their financial software.

According to Symantec, 56 percent of the scam's reported victims were based in India, 23 percent were based in the U.S. and 21 percent in the U.K. Intelligence suggested this network of cybercriminals is relatively small in number and likely based in Europe or the U.S., the blog post added. The hackers didn't appear to be targeting any specific industry or companies; they are merely looking for businesses that can be easily compromised.

Though the tactics here are fairly simplistic, "It's important to remember that less skilled attackers can still cause major damages to a targeted company," said Gavin O'Gorman, principal intelligence analyst at Symantec, in a statement to "The attackers in this case used basic social-engineering tactics to gain access, which proved to be successful in spreading RATs quickly and effectively."

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
