Eh?
Companies losing money over compromised accounts I can accept - but how does that translate into a payday for the nefarious miscreant?
A seemingly state-sponsored cyberattack aimed at more than 4,000 infrastructure companies has been blamed on a lone Nigerian cybercriminal. The campaign started in April 2017, and has targeted some of the largest international organisations in the oil, gas, manufacturing, banking and construction industries. The global scale …
Because if you access the emails of a financial person, you can send fake emails that say things like:
"Please be aware that we are changing our invoicing details from XYZ to ABC as of 1st September."
And because your email looks similar to previously received, and because you knew the previous invoicing details (thanks to the emails you steal) then financial person will remit to your new invoice address.
That's just one way.
Any infrastructure improvements that the Nigerian or other emerging government makes, such as in distribution, billing, generation etc, will need hardening against new threats such as these recent cyber attacks. These criminal activities, as well as action along a more militaristic line, have caught out companies in so-called developed nations as well. So to say that the UK, EU and USA’s energy and nuclear legislation and their plans for construction and operation are fully matured models ready for adaptation and adoption in developing and emerging nations would be a naive statement indeed. This makes the goal of new nuclear generation, indeed ANY new generation, much more daunting. The engineers are constantly busy playing catch-up in "rich" states, so any cascading of talent and knowledge to the "poor" states will be a somewhat forced condition rather than a natural gradient of opportunity.
All around the world the Finance Departments are having nightmares. Actually, I find it hard to believe that this could work, and I suppose it didn't for most companies but, really, haven't management realized that it is a big naughty world out there and that big naughty world is within touching distance of the company's systems and staff.
"haven't management realized that it is a big naughty world out there and that big naughty world is within touching distance of the company's systems and staff."
Well yes, unless it involves their pet project / favourite toy in which case all the bad things must be made to go away or at least the blame shifted to a minion.
Nigerian law enforcement agencies have responded:
"We are moving aggressively to contain this incorrigible criminal, but have a temporary funding issue involving an internal bank transfer. If you could transfer $200 000 pounds into the account listed in the attachment we could free up resources while the original transfer clears and would reimburse you with ten percent interest when it does, honest."
Financial Managers from $BIGBUCKS companies gets scammed by a random guy, whose only effort in this was "kindly ask for the money wearing a fancy suit" we could say, and HE is the problem?
I wonder how these people manage to survive the home-to-work route without trading their houses for magic beans, after all.
Im not defending the actions of this chap but...
Id say using nothing but off the shelf tools and his wit is a demonstration of remarkable skill and ingenuity.
On the flipside, being on the receiving end not being about to outwit this guy and prevent infection from a garden variety of malware demonstrates a remarkable lack of skill.
Is our industry resorting to common mudslinging and belittling in hope that damaging a hackers ego is a credible line of defense or deterrent? I hope not.
This reeks of "I only lost the game because I didnt know my opponents moves".