A series of cyberattacks has been targeting the oil and gas sector in what appears to be an effective variant of the so-called Nigerian email scam, security researchers said Monday.
Spain-based Panda Security claimed in a new report, "Phantom Menace", that 10 companies had been hit by the campaign, getting them to pay for non-existent crude.
According to Panda, the fraudsters offer a large amount of high-quality Bonny light crude oil from Nigeria, which is sought after due to its low sulfur content, "at a very competitive price."
The criminals are able to provide fake "documentary evidence that the product exists" and subsequently request the buyers make a deposit of $50,000 to $100,000.
"However, once they pay the money they are met with the nasty surprise that there is no oil," the report said.
Panda said it has identified the attackers but is unable to report the matter to authorities because none of the companies affected have come forward. Police can’t begin investigating because none of the firms affected are prepared to report the crime – preferring to keep quiet for fear of harming their corporate reputation.
Researchers at Panda managed to trace the attack back to a single actor operating from a suburb of Nigerian capital Lagos by following the FTP connection used to send out the stolen data.
"Panda Security stands ready to identify the individual to authorities, but without any credible reports being volunteered by the alleged victims, the authorities are unable to launch their investigations or make any arrests," the company said in a statement.
It added that it hopes the report "will shed light on the potential damage of the Phantom Menace and encourage companies to take the necessary steps against the perpetrator."
Pdf: http://www.pandasecurity.com/mediacente ... ker-en.pdf
http://www.infosecurity-magazine.com/ne ... ights-oil/
FBI Cyber Notification: Chinese Cyber Espionage Against U.S. Government and Business Networks
The FBI is providing the following information with HIGH confidence:
The FBI has obtained information regarding one or more groups of cyber actors who have compromised and stolen sensitive business information from US commercial and government networks through cyber espionage. Analysis indicates a significant amount of the computer network exploitation activities emanated from infrastructure located within China. Any activity related to these groups detected on a network should be considered an indication of a compromise requiring extensive mitigation and contact with law enforcement.