back to article APT-style attack against over 4,000 infrastructure firms blamed on lone Nigerian 20-something

A seemingly state-sponsored cyberattack aimed at more than 4,000 infrastructure companies has been blamed on a lone Nigerian cybercriminal. The campaign started in April 2017, and has targeted some of the largest international organisations in the oil, gas, manufacturing, banking and construction industries. The global scale …

  1. Sir Runcible Spoon
    Paris Hilton

    Eh?

    Companies losing money over compromised accounts I can accept - but how does that translate into a payday for the nefarious miscreant?

    1. Anonymous Coward
      Anonymous Coward

      Re: Eh?

      Because if you access the emails of a financial person, you can send fake emails that say things like:

      "Please be aware that we are changing our invoicing details from XYZ to ABC as of 1st September."

      And because your email looks similar to previously received, and because you knew the previous invoicing details (thanks to the emails you steal) then financial person will remit to your new invoice address.

      That's just one way.

      1. HieronymusBloggs

        Re: Eh?

        "And because your email looks similar to previously received"

        ...as long as nobody bothers to read the header.

        1. Doctor Syntax Silver badge

          Re: Eh?

          "as long as nobody bothers to read the header."

          Header? What's a header? Is it something I'm supposed to read? What's all this mean?

        2. NonSSL-Login
          Facepalm

          Re: Eh?

          The headers are fine as the emails are sent from a compromised machine on the company network using the proper mail box and server though the phished or keylogged credentials.

  2. TRT Silver badge

    Nigeria as an emerging nuclear generator...

    Any infrastructure improvements that the Nigerian or other emerging government makes, such as in distribution, billing, generation etc, will need hardening against new threats such as these recent cyber attacks. These criminal activities, as well as action along a more militaristic line, have caught out companies in so-called developed nations as well. So to say that the UK, EU and USA’s energy and nuclear legislation and their plans for construction and operation are fully matured models ready for adaptation and adoption in developing and emerging nations would be a naive statement indeed. This makes the goal of new nuclear generation, indeed ANY new generation, much more daunting. The engineers are constantly busy playing catch-up in "rich" states, so any cascading of talent and knowledge to the "poor" states will be a somewhat forced condition rather than a natural gradient of opportunity.

  3. Uffish

    Wake Up Call

    All around the world the Finance Departments are having nightmares. Actually, I find it hard to believe that this could work, and I suppose it didn't for most companies but, really, haven't management realized that it is a big naughty world out there and that big naughty world is within touching distance of the company's systems and staff.

    1. 0laf
      Holmes

      Re: Wake Up Call

      "haven't management realized that it is a big naughty world out there and that big naughty world is within touching distance of the company's systems and staff."

      Well yes, unless it involves their pet project / favourite toy in which case all the bad things must be made to go away or at least the blame shifted to a minion.

  4. Doctor Syntax Silver badge

    APT-style attack

    Debian or Ubuntu?

    1. Anonymous Coward
      Anonymous Coward

      Re: APT-style attack

      or BR Class 373?

      1. John Brown (no body) Silver badge

        Re: APT-style attack

        *TILT* Game over!

  5. RareToy

    Is he a prince too? If so, I think I might have received an email from him in my bit bucket.

  6. Stevie

    Bah!

    Nigerian law enforcement agencies have responded:

    "We are moving aggressively to contain this incorrigible criminal, but have a temporary funding issue involving an internal bank transfer. If you could transfer $200 000 pounds into the account listed in the attachment we could free up resources while the original transfer clears and would reimburse you with ten percent interest when it does, honest."

  7. Anonymous Coward
    Anonymous Coward

    So...

    Financial Managers from $BIGBUCKS companies gets scammed by a random guy, whose only effort in this was "kindly ask for the money wearing a fancy suit" we could say, and HE is the problem?

    I wonder how these people manage to survive the home-to-work route without trading their houses for magic beans, after all.

  8. Jonathan 27

    Cybercriminal, seriously? Is it 1995? I thought we dumped that prefix already.

  9. Potemkine! Silver badge

    Was the crook arrested or does the crime still pays?

  10. Anonymous Coward
    Anonymous Coward

    Unskilled?

    Im not defending the actions of this chap but...

    Id say using nothing but off the shelf tools and his wit is a demonstration of remarkable skill and ingenuity.

    On the flipside, being on the receiving end not being about to outwit this guy and prevent infection from a garden variety of malware demonstrates a remarkable lack of skill.

    Is our industry resorting to common mudslinging and belittling in hope that damaging a hackers ego is a credible line of defense or deterrent? I hope not.

    This reeks of "I only lost the game because I didnt know my opponents moves".

    1. DryBones

      Re: Unskilled?

      Nah.

      He's not clever, they're just thick.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like