The cybercrime group Hotarus Corp has hacked Banco Pichincha – one of the biggest Ecuador’s banks – alongside the county’s Ministry of Finance. The hackers initially attacked the local Ministry of Finance, using a PHP-based ransomware to encrypt a site that was hosting an online course. A short time later, the attackers leaked on a hacker forum a text file containing more than 6 thousand combinations of usernames and hashed passwords. According to the group, they managed to steal “secret ministerial information, emails, employee information and contracts”.
After this first attack, they targeted Ecuador’s biggest private financial institution, Banco Pichincha, which confirmed the intrusion in an official statement, though underlining that there was “no evidence of damage or access to the Bank’s systems” and that it was a marketing partner that was hacked.
Through phishing emails, the attackers sent communications on behalf of Banco Pichincha to obtain clients’ confidential information and carry out illegitimate transactions. The hacking group denied the bank’s official statement and declared that they used the marketing company’s attack as a launchpad into the bank’s internal systems, where they stole “31,636,026 million customer records & 58,456 sensitive system records”.
Marketing teams are among the most common targets for cybercriminals today. After the start of the global pandemic marketers found themselves under even higher pressure, as they had to move events, education, and other activities online. These processes impacted the number of the social media users, that grew +9% in comparison with 2019 and reached 3.8 billion.
When people are stressed with big number of tasks and work under constant pressure, the risk of making a mistake is growing. According to Sababa Awareness report 2020, 34% of marketers, 33% of content managers and 55% of designers conducted insecure actions, when they received phishing emails.
Hackers send out hundreds of thousands of fraudulent messages to get access to corporate networks, even if only a small part of recipients fall for the scam. According to the Clusit Report 2021 by the Italian Association for Cybersecurity, phishing and other social engineering techniques represented 15% of all the attacks performed in Italy in 2020.
Here are few things you can do to prevent the devastating consequences of a phishing attack:
Join a webinar on Sababa Awareness on 7/04 and find out more on our security awareness platform, equipped with the dedicated customizable modules for SMM and other non-IT teams across your organization.
|_ga||2 years||The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.|
|_gat_gtag_UA_150416163_1||1 minute||Set by Google to distinguish users.|
|_gid||1 day||Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.|
|pardot||past||The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.|
|visitor_id909942-hash||10 years||No description|
|lpv909942||30 minutes||No description|
|visitor_id909942||10 years||No description|