Hackers are attacking UK's SMBs, Symantec says

Security firm Symantec is warning of a hacking campaign that targets any and every small and medium business in India, UK and the US with the goal of stealing money from the affected businesses.

Hackers are using two types of Trojans, use social engineering techniques rather than exploits, and target any company they can. Symantec says the campaign started in 2015 and it targets “employees responsible for accounts and fund transfers”.

They will send emails from stolen and compromised accounts, usually related to finances to try and lure employees to open them. The emails carry a .zip attachment which, if opened, allows the attackers to log key strokes, access the camera and the microphone and steal files and passwords, among other things.

Some email examples include:

  • Re:Invoice
  • PO
  • Remittance Advice
  • Payment Advise
  • Quotation Required
  • Transfer Copy
  • TT Payment
  • PAYMENT REMITTANCE
  • INQUIRY
  • Qoutation
  • QUOTATION
  • Request for Quotation

They use two publicly available remote access Trojans (RAT): Backdoor.Breut and Trojan.Nancrat. Breut was used mostly for Indian targets, while Nancrat was used mostly for the UK.

The fun part begins once the attackers compromise a computer. According to Symantec, they’ll take their time, assessing the computer to find out how to steal money. “In some cases, attackers have been known to even download manuals to figure out how to use certain financial software,” the report says.

Once they’re done, they go back to sending emails, which Symantec believes means the group is small in numbers.

As usual, the security firm warns everyone not to open suspicious attachments and to be careful when using email.