Researchers at Trend Micro have produced a report detailing how cyber criminals use low-cost ($40) remote access tools (RATs) obtained via underground forums to victimize SMBs.
The attacks start with the criminals harvesting publicly available corporate email addresses from the companies’ sites (think info@<yourdomain>.com), then sending business-themed emails with effective social engineering lures aimed at making the recipient download and run the attached malware.
The malware consisted of two simple keyloggers called “Predator Pain” and “Limitless.” Investigations revealed that Predator Pain allowed attackers to obtain various corporate email credentials, while both keyloggers allowed access to corporate and personal webmail services and social media accounts (e.g., Yahoo!, Google, Facebook, and Twitter).
“Attackers, after obtaining access to infected computers and the credentials stored in them, sit on a gold mine of information that they can use for various criminal and fraudulent activities,” the researchers noted. “Successfully stealing online banking credentials can lead to financial theft.
“Some of the stolen information provides attackers more leverage for subsequent attacks. They can, for instance, get their hands on actual emails and use these to ‘hijack’ ongoing transactions between their chosen victims and their clients. Most of the stolen data can be used for continued monitoring. Attackers can reroute their victims’ incoming emails to their own inbox for later use. Or for quicker gains, attackers can also package and sell the information they stole to cybercriminal peers underground.”
“SMBs may not be involved in multimillion-dollar deals but they do conduct transactions worth tens to hundreds of thousands of dollars,” the researchers noted. “Even worse, their employees may not even be aware of general IT security best practices. And based on this paper’s findings, they are indeed attractive and vulnerable targets.
“As the world relies more and more on Web services (e.g., webmail), all it will take to ruin a business is a single compromised online account.”