Weekly Executive Summary for Week of June 23, 2017

By Bryce Briggles on June 21, 2017

Nigerian Business Email Compromise Attacks

What is it?

Over the past several months, researchers at Kaspersky have seen over 500 companies in 50 countries attacked by Nigerian phishing email scams. Most of the affected companies are from the industrial and transportation sectors. The Nigerian attackers were able to exfiltrate sensitive network diagrams, technical drawings, and project plans. Kaspersky Lab’s ICS CERT released a report on these scams last week.

As with most phishing attacks, the victims click malicious links or download malicious attachments from emails that look authentic. In this case, the emails carried malicious RTF files that exploited the CVE-2015-1641 vulnerability. Once a machine is infected, the attackers are able to conduct man-in-the-middle attacks, track company transactions, take screenshots, and redirect the victim’s emails.

Mitigation for BEC

The following are protection measures against social engineering:

  • Train employees on basic cyber-hygiene and how to identify a malicious email.
  • Teach workers about the tools and techniques attackers may use against them.
  • Ideally, confirm with the seller by phone if you receive an unexpected request to change banking information during a transaction.

The following measures are meant to lessen chances of infection and any potential damage:

  • Install a security solution on servers and workstations if possible.
  • Keep all operating systems and software up to date.
  • If a machine is compromised, change all the passwords for accounts on that machine.
  • Send suspicious emails, attachments, or domain names to security experts to examine.

The following measures are recommended for protecting industrial information systems:

  • Use application startup control and whitelisting.
  • Install passive monitoring tools to monitor activity on the network.
  • Install tools that deeply analyze network traffic.
  • Minimize the amount and scope of software products used.

For more information on ICS best practices click here.

Sources:
https://www.scmagazineuk.com/nigerian-scammers-launch-phishing-attacks-against-industrial-companies/article/669241/
https://threatpost.com/nigerian-bec-scams-hit-500-companies-in-50-countries/126298/
https://securelist.com/nigerian-phishing-industrial-companies-under-attack/78565/

Note: The purpose of the weekly executive summary is to provide useful information that a business or agency could use in both its cybersecurity and business strategies. In order for this website to serve the community, we need to know your concerns and questions about (for example) proper safeguards for technology you’re looking into or what sets of compliance and governance policies you would need to operate a particular business. The CSCC openly invites you to send in your inquiries. We’ll have students research your issues and provide an analysis of the information at hand to guide you with all things cybersecurity. Mail us at: uhwocscc@hawaii.edu