Businesses need to be more aware of ‘Silver Spaniel’ malware campaigns, which are targeting New Zealand organisations, according to Palo Alto Networks.
The enterprise security company says cyber criminals in Nigeria have evolved common malware campaigns – known as 419 scams and traditionally focused on gaining credit card details or personal information from individuals – to infiltrate businesses that have not previously been their primary targets.
The more advanced techniques have been code-named Silver Spaniel.
“The evolution of 419 scams to Silver Spaniel is a real concern for New Zealand businesses,” says Ryan Olson, Palo Alto Networks Unit 42 intelligence director.
“Silver Spaniel actors are using new techniques to perform business infiltrations. Their objective is to steal passwords and other data they can use to further compromise their victims.
“This new approach is an evolution of the technique in that criminals are using malware and a crypter program to collect the information they previously got by tricking victims through social engineering. What’s more, their techniques collect the desired information from businesses without requiring a direct interaction,” he says.
“New Zealand businesses must consider themselves potential new targets for Silver Spaniel and act to avoid becoming a target.”
Attackers use the same tools that more sophisticated criminal and espionage groups are using to steal information. Palo Alto says those tools include NetWire, a commercial remote administration tool (RAT) that targets Windows, MacOS and Linux and gives attackers control of an infected system. DataScrambler, a ‘crypter’ designed to make malware fully undetectable to antivirus software, is also being used, Palo Alto says.
Traditional antivirus programs and firewalls are ineffective against the attacks because the tools are specifically designed to evade them, and are updated regularly to stay ahead of the industry.
“A business that is experiencing one of these attacks might assume it came from Eastern Europe or a hostile espionage group, but in reality it's a new threat group they haven't had to worry about in the past,” says Olson.
“This is yet another threat group that businesses need to worry about, adding to an already long list.”
To protect against the NetWire RAT, Palo Alto Networks has released a free tool to decrypt and decode command and control traffic and reveal data stolen by Silver Spaniel attackers.