Social engineering is emerging as one of the most prolific and 
effective methods that cybercriminals use to deceive victims. And now it’s being leveraged by scammers, traditionally reliant on basic spamming emails, who are evolving to more sophisticated methods.
Hawkeye, a keylogger tied to Predator Pain and Limitless has been recently exposed by Trend Micro. Two Nigerian hackers were using the malware to infiltrate SMBs around the globe through holiday themed social engineering techniques—with notable success.
“Hackers have now been witnessed attacking SMBs and it is essential for us to be ready to combat any such attacks. As per our recent research, we believe that social engineering techniques which are being extensively utilised by SMBs have emerged as the route for these hackers. As a regular practice, along with offering best of solutions we will continue to inform our existing and prospective users on any such advanced persistent threats,” Dhanya Thakkar
Managing Director, Asia Pacific, Trend Micro.
The scammers are using the Hawkeye keylogger to steal email and website credentials, as well as logging keystrokes. These particular hackers are patient, building a level of rapport with their victims through a series of emails prior to delivering the malware-infested attachment. The attachment is also disguised by cryptors so the victim remains unaware of the attack on their system.
Additionally, the duo covered their tracks by using exfiltration via SMTP, as well as multiple email accounts, in 90 percent of the campaigns. It’s noteworthy that this sophisticated methodology is a departure for Nigerian scammers who usually use simpler attack vectors such as generic spamming, possibly introducing a new breed of hackers from this region.
Solution
Trend Micro protects users from attacks similar to the ones launched by Uche and Okiki by detecting and blocking its different components. Trend Micro Custom Defense solutions can block emails sent even before they reach the target as it is able to identify the malicious attachment, link, and even the social engineering techniques used. They can also block the malicious traffic triggered by the communication between the HawkEye variants and the cybercriminals.
Trend Micro Complete User Protection solutions offers multiple layers of protection from the endpoint level such as detecting the HawkEye variants and blocking all related IPs and URLs.
For further information: http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-piercing-hawkeye.pdf http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/hawkeye-nigerian-cybercriminals-used-simple-keylogger-to-prey-on-smbs
http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminal-sharpshooters-nigerian-scammers-use-hawkeye-to-attack-small-businesses/
