Trend Micro reveals new cybercriminal tactics, prevents attacks of Nigerian businesses

Trend Micro reveals new cybercriminal tactics, prevents attacks of Nigerian businesses 

 

Trend Micro Incorporated, a global cybersecurity leader, has blocked over 10 million email threats, 800,000 malicious URLs and almost 4,500 dangerous mobile apps targeted at Nigerian businesses and consumers between January and June 2023.

This comes at a time the complexity of the country’s cybersecurity threat landscape continues to intensify.

These findings are brought to life by the Trend Micro 2023 Midyear Cybersecurity Threat Report, which presents highlights from the company’s telemetry, covering the broadest attack surface view across millions of commercial and consumer clients.

The report also uncovers key trends in criminal techniques, tactics and threat actor activity, providing important guidance for defenders looking to stay one step ahead of calculating cyber criminals.

“With each passing month, the local threat landscape becomes more intricate and convoluted.

“Our latest research shows that illegal actors are shifting targets and getting increasingly creative to become more efficient and prolific.

“Prioritising a set of proactive and holistic security solutions has never been more important,” says Gareth Redelinghuys, Country Managing Director, African Cluster at Trend Micro.

Ransomware groups are collaborating on ever shifting targets.

During the first half of 2023, around 2.4 million malware families were blocked by Trend Micro in Nigeria.

Ransomware, in particular, is a challenge for local companies, with hundreds of ransomware detections in June alone.

However, the Midyear Report offers valuable insight into the ways in which ransomware groups are operating – not only updating their tools and techniques to extract data more efficiently, but also adapting their business models.

Earlier this year, Trend Micro researchers discovered a new ransomware that uses legitimate search engine tools to search for files to encrypt.

Investigation into this new ransomware, which researchers named ‘Mimic’, suggests a connection with the larger and more notorious Conti ransomware group.

It is suspected that collaboration between these criminal groups helps them lower costs and increase their market presence while also maintaining the efficacy of their criminal activities.

According to the report, many ransomware players are also turning their data exfiltration efforts toward tactics such as cryptocurrency theft and business email compromise (BEC).

AI making hackers more productive

Another key trend that emerged in the first half of 2023 was the use of AI by cybercriminals to carry out virtual crimes more efficiently.

A significant number of Nigerian businesses have implemented AI in some form in a bid to elevate their operations – but they are not the only ones.

Recently, malicious actors have abused AI technology to accurately impersonate real people as part of their attacks and scams.

In fact, imposter scams such as virtual kidnapping are becoming increasingly rampant globally.

In the case of virtual kidnapping, malicious actors are able to create a deepfake voice of their victim’s child and use it as proof that they have the child in their possession to pressure the victim into sending large ransom amounts.

At the same time, ChatGPT and other AI tools are enabling criminals to automate the gathering of information, formation of target groups, and identification of vulnerable behaviours.

This is helping them lure big-name victims (also known as “big fish”) in harpoon whaling attacks.

Whaling involves tricking executives and directors through phishing campaigns for the purpose of stealing information or siphoning large sums of money.

Harpoon whaling, on the other hand involves extensive research on targeted individuals.

This attack is a highly targeted social engineering scam that involves emails crafted with a sense of urgency and that contain personalised information about the targeted executive or director.

With AI tools becoming increasingly adept at creating text that can seem human-crafted, the effort needed to attack executives has been drastically reduced, making the targeting of hundreds of thousands of executives easier than ever before.

Threat actors are innovating, finding new ways to target victims

As innovations continue to evolve and involve more data, threat actors have also been finding more ways to victimise people.

For example, today’s connected cars contain over 100 million lines of code, giving smart functionality to the user but also opening doors to hackers.

As more smart cars saturate the market, attackers will try to gain access to user account data and leverage it for crimes.

By hijacking or stealing such an account via phishing for credentials or installing malware, a cybercriminal could locate the car, break into it and potentially sell it on for parts or follow-on crimes.

They might even be able to locate the owner’s home address and target it for burglary when they are not in.

Threat actors have also been casting a wider net by leveraging vulnerabilities in smaller platforms for more specific targets, such as file transfer service MOVEit, business communications software 3CX, and print management software solution PaperCut.

“The increasingly sophisticated tactics being employed by hackers present a particular concern for local businesses which face untold potential damages at the hands of these malicious actors,” says Zaheer Ebrahim, Solutions Architect, Middle East and Africa at Trend Micro.

“It’s critical for defenders to gain a thorough understanding of the potential risks they are facing.

Knowing these threats will help them make more informed decisions and ultimately take proactive measures to stay ahead in the increasingly convoluted cat and mouse game of cybersecurity.”