World Ranks Nigeria Third in Global Cybercrime Activity

Malicious Nigerian cyber operatives expanding their global influence detailed in new Unit 42 report from Palo Alto Networks

World Rankings Show Nigeria as a Leading Hub for Cybercrime Activity

The digital landscape of Nigerian cybercrime has undergone a dramatic transformation since the days of the pre-internet 419 scams. Today, these criminal activities have grown in size and scale, posing a significant threat to businesses and individuals alike.

Recent investigations and reports, such as Unit 42's SilverTerrier, have revealed a highly organized and persistent threat that primarily leverages social engineering techniques to target established companies, particularly those in the transportation and aviation industries.

Interpol recently announced the arrest of a Nigerian actor believed to be responsible for worldwide losses in excess of $60 million, with over $15.4 million originating from a single victim organization. This individual is part of a network of long-running Nigerian cybercrime groups, including those linked to SilverTerrier and Muddled Libra (also known as Scattered Spider).

These groups are highly adept at social engineering techniques, such as phishing, smishing (SMS phishing), and vishing (voice phishing). They often impersonate employees to bypass security controls like multi-factor authentication (MFA) and reset passwords.

The most common attack vector is business email compromise (BEC). For example, phished executives' inbox credentials are used to mine legitimate communications about invoices. Attackers intercept or modify invoice emails with fraudulent payment instructions sent from look-alike domains mimicking genuine company domains.

A single email address ([email protected]) has been used to register hundreds of domains nearly identical to those of legitimate companies, enabling phishing campaigns globally, particularly against aerospace and transportation companies.
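One way a mail pipeline can flag the look-alike sender domains described above, shown as an added example that is not taken from the Unit 42 report. The allow-list, the `.example` domain names, the confusable-character table and the distance threshold are all constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list of domains that genuine invoices come from.
TRUSTED = {"northwind-aviation.example"}

# Illustrative character swaps seen in look-alike domains (not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(domain):
    """Fold confusable characters so visually similar names compare equal."""
    d = domain.lower().rstrip(".")
    for src, dst in CONFUSABLES.items():
        d = d.replace(src, dst)
    return d

def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition ("ia" typed as "ai") counts as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]

def classify(from_header, trusted=TRUSTED, max_distance=2):
    """Return (verdict, matched_trusted_domain) for a From header value."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    for t in sorted(trusted):
        # Near-identical to a trusted domain but not equal: likely impersonation.
        if edit_distance(skeleton(domain), skeleton(t)) <= max_distance:
            return ("lookalike", t)
    return ("unknown", None)

# Constructed From headers for the demonstration.
SAMPLES = [
    "Accounts <billing@northwind-aviation.example>",
    "Accounts <billing@n0rthwind-aviation.example>",
    "Accounts <billing@northwind-avaition.example>",
    "Sales <sales@fabrikam-freight.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify(header))
```

For short trusted domains a threshold of 2 will produce false positives, so the distance limit should scale with domain length before this is used to hold or tag invoice mail.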

Attackers frequently deploy advanced social engineering to bypass MFA and gain access to high-value accounts. While some groups occasionally use malware, there is an emphasis on minimizing malware usage to evade detection, relying more on social engineering and misuse of victim infrastructure.

Financial impacts are significant; one reported case involved a six-figure loss due to a customer paying a fake invoice resulting from such a phishing attack. These BEC and social engineering campaigns continue to be lucrative for actors, extending their reach across multiple sectors beyond aviation and transportation, including government, retail, and insurance.

The Unit 42 team suggests that these actors have had a significant impact on businesses worldwide, with losses exceeding $49 million in 2015. As these cyber actors become more organized, they are using social media to communicate, coordinate, and share tools and techniques.

Business email compromise (BEC) and business email spoofing (BES) are two techniques that have recently gained popularity among Nigerian cyber actors. Once inside a victim's network, these actors use social engineering to dupe victims into authorising electronic bank transfers.

Nigerian cyber actors have seen lucrative returns ranging from tens of thousands up to millions of dollars from victim organizations in the past year. Malware attacks in Nigeria have grown significantly over the past 2 years, with current rates of 5,000-8,000 per month.

The age range of Nigerian cyber actors spans from late teenage years to their mid-40s. These scams, named "419 scams" based on a section of the Nigerian criminal code, transitioned to digital form as Nigeria began offering internet services in the mid-1990s.

By 2008, Nigeria was listed as third in the world for conducting cybercriminal activity by the Federal Bureau of Investigation. Older Nigerian actors who were successful with traditional 419 scams and social engineering are working with younger actors who bring an understanding of malware.

Domains are designed to impersonate legitimate organizations and "crypters" are used to disguise commodity malware by Nigerian cyber actors. These malware attacks are largely victim-agnostic, spanning all major industry verticals and focusing more on businesses than individuals.

In 2015, Nigeria regained the number 3 spot for cybercriminal activity, as reported in the same Internet Crime Report. The Unit 42 team found that Nigerian actors have moved away from their traditional 419-style email scams, favouring more sophisticated social engineering techniques.

The '419 scams' originated in Nigeria in the 1980s and were based on advance-fee types of scams. As the digital age evolves, it is crucial for businesses and individuals to stay vigilant and aware of these threats to protect themselves from falling victim to these sophisticated cybercrime tactics.

  1. The '419 scammers' have now transitioned from using traditional methods to leveraging technology, such as social media and email, for sophisticated cyber attacks, particularly business email compromise (BEC) and business email spoofing (BES).
  2. As cybersecurity becomes increasingly important in the current digital landscape, understanding the role of technology in financing these nefarious activities, like in the case of the SilverTerrier group, is vital for implementing effective countermeasures.
