Sept 12 — For the last two years, a malicious campaign known as DangerousSavanna has disrupted financial services groups in Western, French-speaking Africa. In the last few months, the campaign has heavily focused on the Ivory Coast, delivering malicious attachments and emails via diverse file types, including Word, PDFs, ZIP and ISO files.

DangerousSavanna

The DangrousSavanna campaign leverages common phishing tactics to lure in phishing victims. The campaign operators commonly send emails that appear to come from the Tunisian Foreign Bank and Nedbank, two major African institutions, in order to make the emails believable.

Attack motivations

Based on the victimology, tactics, techniques and procedures in use, researchers suggest that the campaign is financially motivated.”Whoever it is, this threat actor, or group of actors, is highly targeted and persistent in infecting specific victims, and right now, we are aware of at least three major financial corporations…that have been affected,” explains Sergey Shykevich, threat intelligence group manager with Check Point Research.

Attack prevention

Cyber criminals commonly perceive geographic regions with comparatively fragile economies, and limited capacity to invest in cyber security, as easy targets. At the same time, the financial and banking sector is among the most commonly targeted sectors worldwide, experiencing as many as 1,144 weekly cyber attacks, on average.

Phishing and spear phishing prevention are critical. To protect effectively, ensure that your organization uses the best email security available. In addition, complete endpoint protection is essential in preventing security breaches and data compromise.

For more on this story, please see the Check Point Research site. Lastly, to receive more timely cyber security news, top-tier reports and cutting-edge analyses, please sign up for the cybertalk.org newsletter.