Through our analysis, it remains clear that Nigerian cyber actors will continue to expand their attacks in terms of size, scope and capabilities. According to law enforcement organizations, the exposed losses to businesses worldwide from these threat actors are now estimated to be more than US$3 billion. Given the substantial risk these actors pose, we present techniques to enable large-scale attribution efforts to combat this threat. In doing so, we demonstrate a repeatable and sustainable process to identify SilverTerrier infrastructure and put preventive measures in place prior to the first samples of malware reaching our security products.
The AUTR provides visibility into the real-world threat and application landscape, helping security teams to understand how adversaries are attempting to attack organizations around the world and build proactive, actionable controls. Built by the Unit 42 threat research team, the report correlates data from more than 7,000 enterprise organizations, providing broad visibility into critical trends.
Unit 42 has recently identified malware exploiting an attack technique we have named “BackStab,” in which attackers can capture private information from backup files stored on a Windows PC or Macintosh. Under default conditions, iOS devices plugged into a computer running iTunes may create an unencrypted backup file that contains many types of private information. Forensics experts have known about these backups for years and have used them to capture phone data without requiring direct access to the phone. We have found that malicious attackers are now using malware to steal data using this same technique.