A crude but dangerous email-based social engineering scam has been targeting small-to-medium-size businesses in the U.S., U.K. and India since early 2015, infecting victims' computers with remote access trojans (RATs), the Symantec Security Response blog warned today.
Because their primary motivation is money, the attackers are sending emails designed to attract the attention of employees working in SMB companies' finance departments, the blog post stated. These phishing emails come from spoofed or stolen accounts with subject lines such as “Re:Invoice” and “Remittance Advice.”
When recipients click on file attachments, they unknowingly download malware that gives the cybercriminals virtually unfettered access to their computers, allowing the attackers to steal credentials and use them to transfer funds into their own accounts. Thus far, the perpetrators have relied on two publicly available RATs, Backdoor.Breut and Trojan.Nancrat, which grant backdoor access to a computer's files, webcam and microphone, and allow hackers to log keystrokes. In some cases, the criminals have even downloaded manuals from victims' computers to learn how to operate and exploit the victims' financial software.
According to Symantec, 56 percent of the scam's reported victims were based in India, 23 percent were based in the U.S. and 21 percent in the U.K. Intelligence suggested this network of cybercriminals is relatively small in number and likely based in Europe or the U.S., the blog post added. The hackers didn't appear to be targeting any specific industry or companies; they were merely looking for businesses that can be easily compromised.
Though the tactics here are fairly simplistic, "It's important to remember that less skilled attackers can still cause major damages to a targeted company," said Gavin O'Gorman, principal intelligence analyst at Symantec, in a statement to SCMagazine.com. "The attackers in this case used basic social-engineering tactics to gain access, which proved to be successful in spreading RATs quickly and effectively."