
Symantec Spots Attacks On West African Financial Institutions


Hackers are targeting financial firms in the Ivory Coast, Cameroon, Congo, Ghana and Equatorial Guinea, using commodity malware and living-off-the-land tools, reported Symantec, the cybersecurity company, in a new blog post.

According to the company's Thursday (Jan. 17) blog post, banks and other financial firms in a number of West African countries have been targeted by hackers who are using a variety of commodity tools to get in. While Symantec said it's not clear who is behind the attacks, they are most likely the work of several different groups using the same tactics. The attacks started around the middle of 2017, impacting banks and financial services companies in Cameroon, Congo (DR), Ghana, Equatorial Guinea and Ivory Coast.

Symantec said it has observed four attack campaigns that specifically target financial firms in Africa. The first one targeted firms in Ivory Coast and Equatorial Guinea, infecting victims with commodity malware known as NanoCore. Some of the tools that were used in the attacks were similar to the tactics SWIFT warned about in 2017, noted Symantec. The second attack identified by Symantec started in late 2017 and targeted firms in Ivory Coast, Ghana, Congo and Cameroon. The attacks relied on malicious PowerShell scripts to infect computers and used a credential-stealing tool called Mimikatz, reported Symantec. Once in the networks, hackers infected computers with Cobalt Strike, a commodity malware.

Symantec said the third attack targeted firms in Ivory Coast and involved the use of Remote Manipulator System RAT, another commodity malware, along with other tools. In December of 2018, the fourth type of attack was directed at organizations in Ivory Coast. In this attack, Symantec said hackers used Imminent Monitor RAT, an off-the-shelf malware, to infiltrate networks. Symantec said all four attacks were discovered via alerts generated by its Targeted Attack Analytics (TAA).

"A growing number of attackers in recent years are adopting 'living off the land' tactics — namely the use of operating system features or network administration tools to compromise victims' networks. By exploiting these tools, attackers hope to hide in plain sight, since most activity involving these tools is legitimate," wrote Symantec in the blog post. "However, in each case, a TAA alert was triggered by the attackers maliciously using a legitimate tool. In short, the attackers' use of living off the land tactics led to the discovery of their attacks."


