Menu
Attack campaign uses keylogger to hijack key business email accounts

Attack campaign uses keylogger to hijack key business email accounts

Companies from 18 countries were targeted with the Olympic Vision keylogger, researchers warn

A new email-based attack campaign is targeting key employees from companies in the U.S., Middle East and Asia with the goal of compromising their computers and email accounts.

This type of attack is known as business email compromise (BEC) and involves attackers hijacking the email accounts of business executives or accounting employees who typically authorize financial transactions inside organizations.

Their hijacked email accounts can then be used to trick other employees, suppliers or business partners to initiate fraudulent payments to accounts controlled by the attackers.

Security researchers from antivirus firm Trend Micro recently detected an attack against companies from 18 countries where key employees were targeted with emails that contained a commercial keylogger program called Olympic Vision.

The rogue emails masqueraded as messages from business partners pertaining to recent bank transfers and invoices with alleged errors. Instead of real documents, the emails had the Olympic Vision keylogger attached.

This malware program is not very sophisticated, but for the purpose of these attacks it doesn't need to be. A toolkit to customize and generate the malicious installer can be acquired for as little as $25 on the black market.

Once installed on a computer, Olympic Vision steals information about: the system configuration; log-in credentials saved in browsers, email clients, FTP programs and instant messaging applications; key strokes; network information; clipboard images and text. It can also take screen shots.

This information helps attackers to identify valuable computers, gain access to email accounts and understand the internal accounting workflows of the targeted companies. They can then use the information to convince others to initiate fraudulent payments.

"We looked at the trail of Olympic Vision keyloggers being used in the wild to check for organized activity, and were able to trace the identities of the actors, and positively identified two Nigerian cybercriminals -- one operating from Lagos, and the other from Kuala Lumpur," the Trend Micro researchers said in a blog post.

Business Email Compromise has become a serious issue over the past two years, the FBI estimating that businesses worldwide have lost over a billion dollars to such scams. Reports earlier this year claimed that Belgian bank Crelan lost 70 million euros and Austrian airplane parts manufacturer FACC Operations lost 50 million euros following BEC attacks.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

Meet the leading HP partners in New Zealand...

Meet the leading HP partners in New Zealand...

HP has recognised its top performing partners in New Zealand at the second annual 2016 HP Partner Awards, held at a glittering bash in Auckland. The HP Partner Awards recognises and celebrates excellence, growth, consistency and engagement of its top partners. This year also saw the addition of several new categories, resulting in 11 companies winning across 11 award categories.

Meet the leading HP partners in New Zealand...
Channel comes together as Ingram Micro Showcase hits Auckland

Channel comes together as Ingram Micro Showcase hits Auckland

Ingram Micro outlined its core focuses for 2017 at Showcase in Auckland, bringing together the channel for a day of engaging keynotes, compelling breakout sessions and new technologies.

Channel comes together as Ingram Micro Showcase hits Auckland
Show Comments