Last Updated on 23/01/2022 by Nidhi Khandelwal
A coordinated law enforcement investigation has resulted in the arrest of 11 persons reportedly belonging to a Nigerian cybercrime gang known for targeting more than 50,000 victims in recent years with Business Email Compromise (BEC) attacks.
The BEC network was disrupted in December 2021 as a consequence of a ten-day Interpol investigation titled Operation Falcon II, which included involvement from the Nigeria Police Force’s Cyber Crime Police Unit.
Six of the 11 suspects are believed to be members of a prolific group of Nigerian cyber actors known as SilverTerrier (aka TMT), according to cybersecurity firms Group-IB and Palo Alto Networks’ Unit 42, which both shared information on the threat actors and their infrastructure.
BEC attacks, which became popular in 2013, are complex scams in which attackers use social engineering to infiltrate corporate networks and then use that access to initiate or reroute transfers of business funds to attacker-controlled bank accounts for personal benefit.
“On his laptop, one of the apprehended suspects had over 800,000 potential victim domain credentials,” Interpol said in a statement. “Another suspect had been listening in on 16 firms’ chats with their clients and moving money to ‘SilverTerrier’ whenever a company transaction was going to take place.”
To date, SilverTerrier has been linked to 540 different clusters of activity, with the group increasingly using remote access trojans and malware disguised as Microsoft Office documents to launch attacks. Since 2014, Unit 42 has discovered almost 170,700 samples of malware explicitly connected to Nigerian BEC perpetrators, according to a report published in October 2021.
The new arrests are part of Operation Falcon 2, which saw three accused members of the SilverTerrier gang apprehended in November 2020 for allegedly compromising at least 500,000 government and commercial sector companies in more than 150 nations since 2017.
“The most common and costly danger to our consumers remains BEC,” Unit 42 researchers warned. “Global losses have risen from $360 million in 2016 to a startling $1.8 billion in 2020,” according to the report.
To mitigate such financial attacks, organizations should review network security policies, periodically audit mail server configurations and employee mail settings, and conduct employee training to ensure that wire transfer requests are validated using “verified and established points of contact for suppliers.”