Would you open an email that includes your data?

Hackers are baiting their victims with stolen financial data in a clever phishing scheme. Over 400,000 records, including identity numbers, names, phone numbers, and payment histories, are used to persuade recipients to open a malicious Excel file. That file installs BitRAT, a remote access trojan that can steal passwords, spy on users, and install cryptocurrency-mining software.

In the new campaign, confidential data stolen from a bank is used as bait in phishing emails that convince victims to download and open a booby-trapped Excel file, which in turn installs the remote access trojan known as BitRAT.

BitRAT is a well-known remote access trojan (RAT) sold on dark web markets and cybercrime forums. At about $20 for lifetime access, it is cheap enough to attract all sorts of criminals, which drives the spread of malicious payloads built on it. BitRAT has also been delivered through a range of vectors, including phishing emails, trojanized software, and watering hole attacks, so no single perimeter control reliably blocks it.


Are your employees trained in email security?

Although the hacker group responsible for the campaign is currently unknown, it is believed that they used SQL injection flaws to compromise the IT infrastructure of a Colombian cooperative bank. SQL injection is a common web-application weakness: untrusted input is spliced directly into a database query, so an attacker can rewrite the query. Error-based variants provoke database error messages that reveal the layout of the database (its table and column names); once the layout is known, the same flaw is used to read out entire tables.
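To make the mechanism concrete, here is an added example (it is not code from the original post and has nothing to do with the bank's actual systems). It builds an in-memory SQLite table with constructed, fictitious customer rows, shows a lookup that splices user input into SQL beside the parameterized version, and runs the three classic probes against both: a lone quote to trigger an error, a UNION query against sqlite_master to read the database layout, and a UNION query to dump the table. The table name, column names and payload strings are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data, not real bank records: two customers with the
# kinds of fields the article says were stolen.
SAMPLE_CUSTOMERS = [
    ("1001", "Ana",  "+57 300 000 0001", "ana@example.com"),
    ("1002", "Luis", "+57 300 000 0002", "luis@example.com"),
]


def build_db():
    """Create an in-memory SQLite database standing in for a customer table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers ("
        "national_id TEXT PRIMARY KEY, name TEXT, phone TEXT, email TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", SAMPLE_CUSTOMERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, national_id):
    """Injectable: the user-supplied ID is spliced straight into the SQL text."""
    sql = f"SELECT name, phone FROM customers WHERE national_id = '{national_id}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, national_id):
    """Hardened: the ID travels as a bound parameter, never as SQL syntax."""
    sql = "SELECT name, phone FROM customers WHERE national_id = ?"
    return conn.execute(sql, (national_id,)).fetchall()


def error_message(lookup, conn, national_id):
    """Return the database error text a lookup leaks for this input, or None.

    Error-based injection works exactly like this: the attacker sends input
    that breaks the query and reads the resulting error to learn about the
    database. A single quote is the classic first probe.
    """
    try:
        lookup(conn, national_id)
        return None
    except sqlite3.Error as exc:
        return str(exc)


# Probe 1: an unbalanced quote, to check whether input reaches the SQL parser.
PROBE_PAYLOAD = "'"

# Probe 2: read the database layout. sqlite_master plays the role that
# information_schema plays in MySQL/PostgreSQL: it lists every table and its
# CREATE statement. The UNION must return the same column count (2) as the
# original SELECT; "--" comments out the trailing quote.
SCHEMA_PAYLOAD = "' UNION SELECT name, sql FROM sqlite_master WHERE type='table' --"

# Probe 3: once the layout is known, pull the whole table through the same hole.
DUMP_PAYLOAD = (
    "' UNION SELECT national_id || ',' || name, phone || ',' || email "
    "FROM customers --"
)


if __name__ == "__main__":
    db = build_db()
    print("normal lookup:", lookup_vulnerable(db, "1001"))
    print("error leak:   ", error_message(lookup_vulnerable, db, PROBE_PAYLOAD))
    print("schema:       ", lookup_vulnerable(db, SCHEMA_PAYLOAD))
    print("dump:         ", lookup_vulnerable(db, DUMP_PAYLOAD))
    print("hardened:     ", lookup_parameterized(db, DUMP_PAYLOAD))
```

Against the vulnerable lookup the lone quote produces a parser error, the schema payload returns the CREATE TABLE statement, and the dump payload returns every customer. Against the parameterized lookup all three payloads are treated as a literal ID that matches nothing, with no error to read. The fix is not escaping or filtering quotes; it is keeping data out of the query text entirely.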

The exposed information includes, among other things, national ID numbers, phone numbers, email addresses, customer names, income information, payment history, and home addresses.

There are no indications that the information has been posted on any forums. That is no reason for customers to relax, however: the threat actors are already using the stolen data in their own phishing attacks, and anyone else who obtains it can do the same.

The Excel file that carries the exfiltrated bank data also has an embedded macro that downloads a second-stage DLL payload, which in turn fetches and runs BitRAT on the infected host. According to Qualys researcher Akshat Pradhan, the infected file downloads BitRAT's embedded payloads from GitHub into the %temp% directory using the WinHTTP library.

The GitHub repository, created in mid-November 2022, stores encoded BitRAT loader samples that are later decoded and launched to complete the infection chain.
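The chain described above (an Office document reaching out to GitHub and writing a DLL into %temp%) is visible in ordinary endpoint telemetry, so here is an added detection example; it is not code from the original post or from Qualys. It assumes Sysmon-style events exported as JSON lines with the fields ts, host, event_id (3 = network connection, 11 = file create), image, pid and either dest_host or target. The sample log is constructed for the example, the domain list, the temp-path pattern and the severity scoring are assumptions chosen for illustration, and none of the hostnames or file names are indicators published for this campaign.

```python
import json
import re
from datetime import datetime, timedelta

# Assumptions for this example: which processes count as Office, which
# destinations count as GitHub, and what a dropped binary in a temp folder
# looks like. Tune all three for your environment.
OFFICE_PROCESSES = {"excel.exe", "winword.exe", "powerpnt.exe"}
GITHUB_DOMAINS = ("github.com", "githubusercontent.com")
TEMP_DIR_RE = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)
BINARY_EXT_RE = re.compile(r"\.(dll|exe|scr|ocx)$", re.IGNORECASE)

# Constructed sample telemetry (not captured from a real incident). WS01 shows
# the chain from the article: Excel reaches GitHub, then drops a DLL in %temp%.
# WS02 is a browser talking to GitHub and WS03 is Excel writing an ordinary
# temp file; a naive single-event rule would fire on both.
SAMPLE_LOG = r"""
{"ts": "2022-12-01T10:00:05Z", "host": "WS01", "event_id": 3, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "pid": 4120, "dest_host": "raw.githubusercontent.com"}
{"ts": "2022-12-01T10:00:09Z", "host": "WS01", "event_id": 11, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "pid": 4120, "target": "C:\\Users\\ana\\AppData\\Local\\Temp\\upd.dll"}
{"ts": "2022-12-01T10:01:30Z", "host": "WS02", "event_id": 3, "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "pid": 880, "dest_host": "github.com"}
{"ts": "2022-12-01T10:05:00Z", "host": "WS03", "event_id": 11, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "pid": 5212, "target": "C:\\Users\\luis\\AppData\\Local\\Temp\\~DF3A1B.tmp"}
{"ts": "2022-12-01T10:05:02Z", "host": "WS03", "event_id": 3, "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "pid": 5212, "dest_host": "raw.githubusercontent.com"}
"""


def parse_events(text):
    """Parse JSON lines into event dicts with a timezone-aware datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
        events.append(event)
    return events


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def domain_matches(host, domains):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(event):
    """Map one event to an indicator name, or None if it is not interesting."""
    if basename(event["image"]) not in OFFICE_PROCESSES:
        return None
    if event["event_id"] == 3 and domain_matches(event.get("dest_host", ""), GITHUB_DOMAINS):
        return "office_to_github"
    if event["event_id"] == 11:
        target = event.get("target", "")
        if TEMP_DIR_RE.search(target) and BINARY_EXT_RE.search(target):
            return "office_drops_binary_in_temp"
    return None


def detect(events, window=timedelta(minutes=2)):
    """Group indicators per (host, pid) and score them.

    Two different indicators from the same Office process inside the window
    is the multi-stage behaviour described in the article, scored high. One
    indicator on its own is worth a look but not conclusive, scored medium.
    """
    per_process = {}
    for event in events:
        indicator = classify(event)
        if indicator:
            per_process.setdefault((event["host"], event["pid"]), []).append((event["ts"], indicator))

    findings = []
    for (host, pid), hits in sorted(per_process.items()):
        hits.sort()
        kinds = sorted({indicator for _, indicator in hits})
        span = hits[-1][0] - hits[0][0]
        severity = "high" if len(kinds) >= 2 and span <= window else "medium"
        findings.append({
            "host": host,
            "pid": pid,
            "severity": severity,
            "indicators": kinds,
            "first_seen": hits[0][0].isoformat(),
        })
    return findings


if __name__ == "__main__":
    for finding in detect(parse_events(SAMPLE_LOG)):
        print(finding)
```

Run against the sample, WS01 is reported as high (GitHub contact plus a DLL dropped in the user's temp folder by the same Excel process within two minutes), WS03 as medium (Excel reached GitHub but only wrote a normal temp file), and WS02 produces nothing because a browser talking to GitHub is expected. Keying on (host, pid) rather than on host alone is what keeps two unrelated Office processes from being stitched into one false alert.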


My perspective

It's crucial for business owners to be aware of these types of threats, because businesses can take proactive measures to protect their systems and sensitive data. Training employees to recognize and avoid suspicious emails, links and attachments, keeping all systems up to date with the latest security patches, and blocking Office macros in files that arrive from the internet (this campaign depends entirely on a victim running the macro in the Excel file) are just a few ways business owners can reduce the risk of falling victim to cyber-attacks.


"The way to get started is to quit talking
and begin doing." - Walt Disney

By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this post. I always bear in mind that your time and attention are precious, and these posts need to be timely, to the point, and short. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, YouTube, and Facebook.

I am also a published author and speaker on cloud computing, work-from-anywhere, and cybersecurity. I work extensively with business and professional associations to provide small business technology education programs.


Contact me if you would like me to speak to your association