Businesses need to be more aware of common malware campaigns such as ‘Silver Spaniel’ and Nigerian 419 scams, which are targeting Australian organisations, according to Palo Alto Networks.
Nigerian scammers are known for running 419 phishing scams that attempt to collect credit card details or personal information from individuals.
Over the past few years these scammers have expanded their skills to target businesses using more advanced techniques code-named Silver Spaniel.
Palo Alto Networks Unit 42 intelligence director Ryan Olson said the term 419 scams comes from the Nigerian criminal code for this type of fraud.
"Despite the origins of the term, we are also seeing 419 scams originating from other countries," he said.
"This will continue to be an international problem. And now the evolution of 419 scams to Silver Spaniel is a real concern for Australian businesses."
Olson said Silver Spaniel actors were using new techniques to perform business infiltrations.
"Their objective is to steal passwords and other data they can use to further compromise their victims," he said.
"This new approach is an evolution of the technique in that criminals are using malware and a crypter program to collect the information they previously got by tricking victims through social engineering.
"What’s more, their techniques collect the desired information from businesses without requiring a direct interaction.
"Australian businesses must consider themselves potential new targets for Silver Spaniel and act to avoid becoming a target."
Attackers are now using the same tools that more sophisticated criminal and espionage groups deploy to steal information.
These include NetWire, a commercial Remote Administration Tool that targets Windows, MacOS and Linux, and gives attackers control of an infected system.
The other is DataScrambler, a ‘crypter’, which is designed to make malware fully undetectable to antivirus software.
This means that traditional antivirus programs and firewalls are ineffective against the attacks because the tools are specifically designed to evade them. The tools update on a regular basis to stay ahead of the industry.
Olson said a business that was experiencing one of these attacks might assume it came from Eastern Europe or a hostile espionage group.
"But in reality it's a new threat group they haven't had to worry about in the past," he said.
"This is yet another threat group that businesses need to worry about, adding to an already long list."