New Delhi, Feb 7: Cybercriminals are targeting small businesses in India, the UK and the US, sending infected mails to employees responsible for accounts and fund transfers to steal money from affected organisations, security software solutions provider Symantec said.
"Financially-motivated attackers are sending social- engineering e-mails to small and medium businesses (SMBs) in India, the UK and the US in order to deliver Backdoor.Breut and Trojan.Nancrat," Symantec said in a blog.
Attackers have been spreading two families of remote access Trojans (RATs) to small businesses in India (56 per cent), the US (23 per cent) and the UK (21 per cent) since the start of 2015, it added.
The attackers don't focus on specific industries or organisations, working to gain access to whichever business they can, and if they can't compromise a company, they move on to another, Symantec said.
Symantec said the attackers operate with few resources, rely on social engineering rather than exploits, and use two publicly available RATs.
"The campaign has been occurring since at least early 2015. For most of the year, the targets were mainly located in India, while some others were in the US and other regions," it said.
However, activity in India and the US has dropped in the past few months while the number of infections in the UK has increased, Symantec added. The e-mails include archive file attachments, usually with the .zip extensions.
If the user opens the file, their computer is infected and gives the attackers complete control of the victim's computer.
Through these infections, the attackers can access the webcam and microphone, log keystrokes, steal files and passwords.
Symantec said users should be careful while opening attachments or clicking on links in suspicious e-mail messages.
Also, users should avoid providing any personal information while answering an e-mail and never enter personal information in a pop-up web page.
Besides, keep security software up to date and if the user is uncertain about an e-mail's legitimacy, they should contact the internal IT department, Symantec said.