A pair of security researchers recently uncovered a Nigerian scammer ring that they say operates a new kind of attack called “wire-wire” after a few of its members accidentally infected themselves with their own malware. Over the past several months, they’ve watched from a virtual front row seat as members used this technique to steal hundreds of thousands of dollars from small and medium-sized businesses worldwide.
“We’ve gotten unprecedented insight into the very nitty-gritty mechanics of their entire operation,” says James Bettke, a researcher at SecureWorks, a subsidiary of Dell Inc. focused on cybersecurity. Bettke and Joe Stewart, who directs malware research for SecureWorks, are presenting the details of their findings this week at the annual Black Hat security conference in Las Vegas.
This new type of attack is a twist on an old favorite. For years, rings of scammers in West Africa have stolen money from companies through a technique known as “Business Email Compromise,” or BEC, in which they use internal corporate email accounts to execute fraudulent financial transactions. Or, in another approach known as “spoofing,” scammers have impersonated a CEO’s email from an external account to persuade an employee to send a wire transfer to their own bank account…Read more