id2958070cyberespionage3100601454orig
Security

Attack campaign uses keylogger to hijack key business email accounts

A new email-based attack campaign is targeting key employees from companies in the U.S., Middle East and Asia with the goal of compromising their computers and email accounts.

This type of attack is known as business email compromise (BEC) and involves attackers hijacking the email accounts of business executives or accounting employees who typically authorize financial transactions inside organizations.

Their hijacked email accounts can then be used to trick other employees, suppliers or business partners to initiate fraudulent payments to accounts controlled by the attackers.

Security researchers from antivirus firm Trend Micro recently detected an attack against companies from 18 countries where key employees were targeted with emails that contained a commercial keylogger program called Olympic Vision.

The rogue emails masqueraded as messages from business partners pertaining to recent bank transfers and invoices with alleged errors. Instead of real documents, the emails had the Olympic Vision keylogger attached.

This malware program is not very sophisticated, but for the purpose of these attacks it doesn't need to be. A toolkit to customize and generate the malicious installer can be acquired for as little as $25 on the black market.

Once installed on a computer, Olympic Vision steals information about: the system configuration; log-in credentials saved in browsers, email clients, FTP programs and instant messaging applications; key strokes; network information; clipboard images and text. It can also take screen shots.

This information helps attackers to identify valuable computers, gain access to email accounts and understand the internal accounting workflows of the targeted companies. They can then use the information to convince others to initiate fraudulent payments.

"We looked at the trail of Olympic Vision keyloggers being used in the wild to check for organized activity, and were able to trace the identities of the actors, and positively identified two Nigerian cybercriminals -- one operating from Lagos, and the other from Kuala Lumpur," the Trend Micro researchers said in a blog post.

Business Email Compromise has become a serious issue over the past two years, the FBI estimating that businesses worldwide have lost over a billion dollars to such scams. Reports earlier this year claimed that Belgian bank Crelan lost 70 million euros and Austrian airplane parts manufacturer FACC Operations lost 50 million euros following BEC attacks.

IDG Insider

PREVIOUS ARTICLE

« Slack users, meet Lookerbot: a new tool that brings your data into the conversation

NEXT ARTICLE

MSI's tiny, cylindrical Vortex gaming PC hits the streets with dual GeForce GTX 980s »
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

20 Red-Hot, Pre-IPO companies to watch in 2019 B2B tech - Part 1

Martin Veitch's inside track on today’s tech trends

Training and certification for a cloud native world

Keri Allan looks at the latest trends and technologies

Unicorns are running free in the UK but Brexit poses a tough challenge

Trevor Clawson on the outlook for UK Tech startups

Poll

Do you think your smartphone is making you a workaholic?