Kill one, Kill all

Olakanmi Oluwole

April 27, 2023

Transcript

  1. KILL ONE, KILL ALL Olakanmi Oluwole Cyber Threat Intelligence Lead,

    Offensive Security, Law Enforcement support, Software Engineer
  2. Olakanmi Oluwole: Cyber threat intelligence lead; Offensive security;

    Law enforcement support; Software engineer; Outdoor junkie, fun at parties, music collector, media & entertainment. About me
  3. Introduction to the African and Nigerian threat landscape: Targeted

    industries; Players and threats. Kill one, kill all: Taking down a known syndicate. AGENDA
  4. Reward is high. Phishing, malware, BEC, ransomware; Hacktivism, many victims,

    phishing, impersonation; Many victims, low risks, mobile malware; Social media, phishing. African threat landscape
  5. Young Nigerians (especially men) who carry out malicious activities

    ranging from romance scams, social media hacking, cyber bullying and blackmail, advance fee frauds, bitcoin frauds, etc. Yahoo Boys
  6. Ghanaian version of Yahoo Boys, but involved in rituals intended

    to spiritually manipulate the victims. The threat actors flaunt stylish clothes, luxury cars, and enormous wealth in order to promote such acts. In impoverished areas, some view it as a way to survive. Sakawa Boys
  7. SilverTerrier is a Nigerian threat group that has been seen

    active since 2014. The group mainly targets organizations in the fields of high technology, higher education, and manufacturing. It has used malware such as LokiBot, AgentTesla and DarkComet, as well as stealers and other RATs. Some members have been arrested as part of a joint operation (#Operation Falcon) by Group-IB, INTERPOL, and the Nigerian police force. SilverTerrier
  8. Threat X: Organized group of actors with little

    or no technical skills. Techniques: Identity theft; Impersonation; Data harvesting; Financial theft; Blackmail. Social media, instant messengers (WhatsApp, Telegram)
  9. Two days after the post on Twitter, a Facebook user

    (a victim) also shared a post. He mentioned Threat X activities and warned the public. This report gave us the lead breakthrough for finding the key actors behind Threat X. Initial detection
  10. Threat X actors carried out targeted identity thefts and impersonated

    several individuals working for the targeted financial institution. They created fake digital identity cards to help with their social engineering tactics and gain the trust of their victims. Identity theft & impersonation
  11. Threat X actors tactically and actively gathered information about their

    victims. The information gathered by each Threat X actor was shared amongst them. This included names of victims, phone numbers, bank account details, profession/ workplace, etc. PII harvesting
  12. Threat X actors tactically and actively gathered information about their

    victims. The information gathered by each Threat X actor was shared amongst them. This included names of victims, phone numbers, bank account details, profession/ workplace, etc. PII harvesting
  13. Threat X actor was sloppy with a victim and revealed

    clues about his real identity. The victim, after realizing he had been conned, shared the hacker’s details on a public group. Threat X actor tried to quickly clean up the mess, but it was too late. PII harvesting
  14. Actor X profiling: Ran multiple personal social media accounts, each

    for a different purpose and with different personality traits; Also known as “Young Money”; Ran social media accounts impersonating online assistant agents from financial organizations; Ring leader of a group that ran other syndicates; Also ran a fake Covid-19 credit facility scheme
  15. SYNDICATE ORGANOGRAM (diagram): Actor X, Leader; nodes labelled

    Actor 1, Scheme X and Actor X
  16. Monitor aggressively; Public mentions are valuable; The

    picture can always be bigger; Look in odd places — criminals can hide in plain sight; Pray for luck. Takeaways