Silver Spaniel a threat to Australian businesses


Thursday, 07 August, 2014



Australian businesses need to be more aware of common malware campaigns known as ‘Silver Spaniel’ campaigns, which are targeting their organisations, says Palo Alto Networks.

Nigerian scammers are known for running 419 phishing scams that attempt to collect credit card details or personal information from individuals. Over the past few years these scammers have expanded their skills to target businesses using more advanced techniques codenamed Silver Spaniel.

Ryan Olson, Unit 42 intelligence director, Palo Alto Networks, said, “The term 419 scams comes from the Nigerian criminal code for this type of fraud. Despite the origins of the term, we are also seeing 419 scams originating from other countries. This will continue to be an international problem. And now the evolution of 419 scams to Silver Spaniel is a real concern for Australian businesses.

“Silver Spaniel actors are using new techniques to perform business infiltrations. Their objective is to steal passwords and other data they can use to further compromise their victims.

“This new approach is an evolution of the technique in that criminals are using malware and a crypter program to collect the information they previously got by tricking victims through social engineering. What’s more, their techniques collect the desired information from businesses without requiring a direct interaction.

“Australian businesses must consider themselves potential new targets for Silver Spaniel and act to avoid becoming a target.”

Attackers are using the same tools that more sophisticated criminal and espionage groups deploy to steal information. One is NetWire, a commercial remote administration tool (RAT) that targets Windows, MacOS and Linux, and gives attackers control of an infected system. The other is DataScrambler, a ‘crypter’ designed to make malware fully undetectable (FUD) to antivirus software.

This means that traditional antivirus programs and firewalls are ineffective against the attacks because the tools are specifically designed to evade them. The tools update on a regular basis to stay ahead of the industry.

“A business that is experiencing one of these attacks might assume it came from Eastern Europe or a hostile espionage group, but in reality it’s a new threat group they haven’t had to worry about in the past,” said Olson. “This is yet another threat group that businesses need to worry about, adding to an already long list.”
