Hackers are baiting their victims with stolen financial data in a clever phishing scheme. Over 400,000 data points, including identity numbers, names, phone numbers, and payment records, are used to persuade consumers to click on a malicious link. This link downloads a potent virus called BitRAT that can steal passwords, spy on users, and install crypto mining software. In order to spread the remote access trojan known as BitRAT, the new campaign utilized confidential data taken from a bank as bait in phishing emails convincing victims to download a suspicious Excel file. BitRAT is a well-known remote access trojan (RAT) sold on dark web markets and forums used by cybercriminals. Because it costs $20 for a lifetime membership, it attracts all sorts of hackers and promotes the propagation of harmful payloads. In addition, the fact that BitRAT can be utilized in a range of activities, including phishing attacks, trojanized software, and watering hole attacks, makes it much more difficult to block. Although the hacker group responsible for the campaign is currently unknown, it is believed that they used SQL injection flaws to compromise the IT network of a Colombian cooperative bank. This is a typical method used by hackers to trick a database into producing an error message so they may discover the layout of the database. The exposed information includes, among other things, ID numbers (national resident identity), phone numbers, email addresses, customer names, income information, payment history, and residences. There are no indications that the information has been posted on any forums. However, this does not mean that consumers should not worry. The threat actors could use the obtained data to carry out phishing attacks themselves. The exfiltrated bank data file also has a macro embedded that downloads a second-stage DLL payload programmed to fetch and run BitRAT on the infected host. According to Qualys researcher Akshat Pradhan, the infected file downloads BitRAT embedded payloads from GitHub to the %temp% directory via the WinHTTP library. The GitHub repository, established in the middle of November 2022, stores encoded BitRAT loader samples, which are later decoded and launched to finish the infection chains. It’s crucial for business owners to be aware of these types of threats. Businesses can take proactive measures to protect their systems and sensitive data. Training employees to recognize and avoid suspicious emails and links and ensuring all systems are kept up-to-date with the latest security patches are just a couple of ways business owners can reduce the risk of falling victim to cyber-attacks.
On December 10th, 2019, Wawa’s information security team discovered malware on its payment processing server. By December 12, the data breach was contained, but they fear the damage has already been done. In the statement released by Wawa, the “malware has affected customer payment card information, potentially used at all Wawa locations, starting from March 4, 2019, till [its] containment.” Furthermore, Wawa has promised that “…you will not be responsible for any fraudulent charges on your payment cards related to this incident…” As of containment, an investigation has been launched and it has been discovered that, while the data breach has affected credit and debit card numbers, expirations dates, and cardholder names, it has not compromised debit card PIN numbers, credit card CVV2 numbers (the three to four numbers found on the back of the cards), other PIN numbers, and driver’s license information used to verify age-restricted purchases…” To find out the steps you should take to make sure your information stays secure, visit the statement Wawa made. There you will be able to find exact details as to the steps needed to be taken to make sure you are financially compensated or make sure your information stays safe. To learn more about what we can do to assist your company, visit our What We Do page!
Pitney Bowes, the e-commerce and tech-shipping company, has suffered a ransomware attack. On October 14th, the company disclosed that they were victims of a malware attack that resulted in the encryption of information systems and disabled customer access to some services. As of now, Pitney Bowes has confirmed that it is working with third-party security experts and consultants. However, the identity of these experts is still unknown. The company has also disclosed that, as of now, it does not appear that customer data or any other sensitive information had been accessed. While this is reassuring, it is important to air on the side of caution. Ransomware attacks are not known to be a form of heckling someone. Pitney Bowes has yet to disclose whether the attack was directed at a certain employee, or if it was transported to them through a third-party service provider. Furthermore, it is unknown if the company’s MSP was monitoring the security network before the attack occurred. We expect to learn more information and will keep you apprised of the situation as the story develops. What’s Next? If you believe you were affected by this attack, we recommend following the developments on Pitney Bowes’s Twitter as well as there webpage that is posting live updates of the situation as it develops. The company has stated that it plans on keeping its users as up-to-date on the situation as possible. It is important that you, as a business owner, trust your MSP to monitor your network and keep your customer’s and employee’s sensitive information out of the hands of criminals. Hammett Technologies has proven time and time again that we are able to handle ourselves in the event of a crisis and secure all sensitive information before it falls into the hands of thieves. To learn more about what we do, visit the What We Do page, or give us a call today!