Multiple banks and other financial companies in several West African countries have suffered a series of hacking attacks, which have been underway since mid-2017.
According to a report published by Symantec, financial institutions in Cameroon, Congo (DR), Equatorial Guinea, Ghana, and the Ivory Coast were hit by multiple cyber-attacks in 2017 and 2018. Symantec stated that the intruders behind these attacks are unknown.
Symantec stated that it has detected four distinct hacking campaigns targeting financial firms in Africa. The first attack started in mid-2017 and infected computers with malware known as NanoCore (Trojan.Nancrat). The second type of attack began in late 2017, in which cybercriminals used malicious PowerShell scripts and the credential-stealing tool Mimikatz (Hacktool.Mimikatz) to exploit their targets.
The third attack targeted banks in Ivory Coast using malware called Remote Manipulator System RAT (Backdoor.Gussdoor), alongside Mimikatz and two custom Remote Desktop Protocol (RDP) tools. The fourth attack started in December 2018. The intruders used malware known as Imminent Monitor RAT (Infostealer.Hawket) to attack banks in Ivory Coast. Symantec stated that all four attacks were discovered through alerts generated by its Targeted Attack Analytics (TAA), which uses artificial intelligence to analyze and spot targeted attacks.
“A growing number of attackers in recent years are adopting “living off the land” tactics—namely the use of operating system features or network administration tools to compromise victims’ networks. By exploiting these tools, attackers hope to hide in plain sight, since most activity involving these tools is legitimate. However, in each case, a TAA alert was triggered by the attackers maliciously using a legitimate tool. In short, the attackers’ use of living off the land tactics led to the discovery of their attacks,” Symantec said in a statement.
In a similar finding, Symantec revealed that cybercriminals are rapidly adding cryptojacking to their arsenal and creating a highly profitable new revenue stream, as the ransomware market becomes overpriced and overcrowded. The cybersecurity company provided a comprehensive view of the threat landscape, including insights into global threat activity, cybercriminal trends, and motivations for attackers.
The report analyzes data from the Symantec Global Intelligence Network, the largest civilian threat collection network in the world, which records events from 126.5 million attack sensors worldwide and monitors threat activities in over 157 countries and territories.