LAS VEGAS – Poor operational security on the part of Nigerian scammers running a Business Email Compromise (BEC) scheme has given researchers a window into their operations.
Dell SecureWorks today published a report at Black Hat USA 2016 on what the criminals involved call wire-wire, or “waya-waya.” The attackers are not sophisticated malware coders, but the operation is adept at targeting executives in certain industries with phishing attacks that ultimately lead to fraudulent wire transfers and losses in the hundreds of thousands of dollars. Manufacturing firms, chemical companies and other high-value organizations have been hit by campaigns that go much deeper than simply spoofing emails that order or confirm wire transfers.
The attackers use malware to compromise email servers and then sit in the middle of legitimate conversations, intercepting and redirecting messages until they can divert a large wire transfer.
A lack of authentication and encryption between card readers and the applications they feed lets attackers easily steal payment card data and PINs from point-of-sale systems.
Many of the large payment card breaches that hit retailers and hospitality businesses in recent years were the result of attackers infecting point-of-sale systems with memory-scraping malware. But there are easier ways to steal this data, because the link between the card reader and the POS payment application typically has neither authentication nor encryption.
POS systems are specialized computers. They typically run Windows and have peripherals like keyboards, touch screens, barcode scanners and card readers with PIN pads. They also have specialized payment applications installed to handle transactions.
One of the common methods used by attackers to steal payment card data from POS systems is to infect them with malware, via stolen remote support credentials or other techniques. These programs are known as memory or RAM scrapers because they scan the system's memory for card data at the moment the payment application processes it, which is when the data sits in RAM in cleartext.
But on Tuesday at the BSides conference in Las Vegas, security researchers Nir Valtman and Patrick Watson, from U.S.-based POS and ATM manufacturer NCR, demonstrated a stealthier and more effective attack technique that works against most "payment points of interaction," including card readers with PIN pads and even gas pump payment terminals.
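The two attack paths described above, RAM scraping and tapping the unauthenticated link between reader and payment application, both end up with the same artefact: cleartext ISO/IEC 7813 Track 1 and Track 2 strings. The following is an added example, not code from the NCR researchers or from the article, showing the matcher a scraper would use to pull those records out of a memory buffer or a sniffed reader stream, with a Luhn check to discard digit runs that merely look like card numbers. A defender can run the same logic over a process dump or a captured serial stream to prove cardholder data is crossing a link in the clear. The buffer is constructed and uses only published test PANs; the field names and the sample data are assumptions for illustration.

```python
"""Detector for cleartext magnetic-stripe track data (added example).

Finds ISO/IEC 7813 Track 1 and Track 2 records in an arbitrary byte buffer,
the same thing a RAM scraper does against a payment application's memory
and the same thing a tap on an unencrypted reader-to-application link sees.
The sample buffer below is constructed and uses published test PANs only.
"""
import re

# Track 2: ;PAN=YYMM SSS discretionary?   (PAN 13-19 digits, SSS = service code)
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{2})(\d{2})(\d{3})(\d*)\?")
# Track 1 format B: %B PAN ^ NAME ^ YYMM SSS discretionary?
TRACK1_RE = re.compile(
    rb"%B(\d{13,19})\^([A-Z /.'-]{2,26})\^(\d{2})(\d{2})(\d{3})([^?]*)\?"
)


def luhn_valid(pan: str) -> bool:
    """Luhn mod-10 check; used to drop random digit runs that only look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, the usual PCI DSS display form."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_for_track_data(buf: bytes) -> list:
    """Return every Track 1 / Track 2 record found in buf, ordered by offset."""
    hits = []
    for m in TRACK1_RE.finditer(buf):
        pan = m.group(1).decode()
        hits.append({
            "offset": m.start(), "track": 1, "pan": pan,
            "name": m.group(2).decode(),
            "expiry": m.group(3).decode() + "/" + m.group(4).decode(),  # YY/MM
            "service_code": m.group(5).decode(),
            "luhn_ok": luhn_valid(pan),
        })
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        hits.append({
            "offset": m.start(), "track": 2, "pan": pan,
            "name": None,
            "expiry": m.group(2).decode() + "/" + m.group(3).decode(),  # YY/MM
            "service_code": m.group(4).decode(),
            "luhn_ok": luhn_valid(pan),
        })
    hits.sort(key=lambda h: h["offset"])
    return hits


# Constructed stand-in for a memory dump or a sniffed reader-to-application
# stream: binary noise around two well-formed records (test PANs) and one
# digit run that fails Luhn, the kind of false positive a scraper filters out.
SAMPLE_BUFFER = (
    b"\x00\x00POS_APP v2.1 txn buffer\x00\x00"
    b"%B4111111111111111^DOE/JOHN^25121011234500000000?"
    b"\x00\x00\xff\xfe\x01garbage\x00"
    b";5500000000000004=25121011234500000000?"
    b"\x00;4111111111111112=25121011230000000000?\x00"
)

if __name__ == "__main__":
    for h in scan_for_track_data(SAMPLE_BUFFER):
        print(f"track{h['track']} @{h['offset']:>4}: {mask_pan(h['pan'])} "
              f"exp={h['expiry']} svc={h['service_code']} luhn={h['luhn_ok']}")
```

Run against a real process dump or a serial capture, a single hit with `luhn_ok` set is enough to show that the reader, the link or the application is handling cardholder data unencrypted; masking the PAN on output keeps the evidence itself from becoming another copy of the data.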
Almost half of all companies were hit by a ransomware attack in the past 12 months, according to a new report. Globally, 40 percent of victims paid the ransom, but 97 percent of U.S. victims did not.
Specifically, 75 percent of enterprise victims in Canada paid up, as did 58 percent in the U.K. and 22 percent in Germany, according to an Osterman Research survey of hundreds of senior executives in the U.S., Canada, Germany and the U.K.
The researchers said the vulnerability lies in how the company uses SMS text messages to enroll new devices on the service. Anderson and Guarnieri say that when a user logs into Telegram from a new smartphone, the authorization code is sent via SMS, where it can be intercepted by the phone company and shared with attackers.
This is a particular problem where communications providers are heavily monitored, or owned outright, by states that want to keep track of their citizens. This year in Iran, for example, the government demanded that foreign messaging providers store Iranian citizens' data within the country -- where law enforcement has easy access.
Once an attacker has obtained the SMS code, they can add a new device to the victim's Telegram account, read the chat history and intercept new messages.