The cybercrime group Hotarus Corp has hacked Banco Pichincha – one of the biggest Ecuador’s banks – alongside the county’s Ministry of Finance. The hackers initially attacked the local Ministry of Finance, using a PHP-based ransomware to encrypt a site that was hosting an online course. A short time later, the attackers leaked on a hacker forum a text file containing more than 6 thousand combinations of usernames and hashed passwords. According to the group, they managed to steal “secret ministerial information, emails, employee information and contracts”.
After this first attack, they targeted Ecuador’s biggest private financial institution, Banco Pichincha, which confirmed the intrusion in an official statement, though underlining that there was “no evidence of damage or access to the Bank’s systems” and that it was a marketing partner that was hacked.
Through phishing emails, the attackers sent communications on behalf of Banco Pichincha to obtain clients’ confidential information and carry out illegitimate transactions. The hacking group denied the bank’s official statement and declared that they used the marketing company’s attack as a launchpad into the bank’s internal systems, where they stole “31,636,026 million customer records & 58,456 sensitive system records”.
Marketing teams are among the most common targets for cybercriminals today. After the start of the global pandemic marketers found themselves under even higher pressure, as they had to move events, education, and other activities online. These processes impacted the number of the social media users, that grew +9% in comparison with 2019 and reached 3.8 billion.
When people are stressed with big number of tasks and work under constant pressure, the risk of making a mistake is growing. According to Sababa Awareness report 2020, 34% of marketers, 33% of content managers and 55% of designers conducted insecure actions, when they received phishing emails.
Hackers send out hundreds of thousands of fraudulent messages to get access to corporate networks, even if only a small part of recipients fall for the scam. According to the Clusit Report 2021 by the Italian Association for Cybersecurity, phishing and other social engineering techniques represented 15% of all the attacks performed in Italy in 2020.
Here are few things you can do to prevent the devastating consequences of a phishing attack:
Join a webinar on Sababa Awareness on 7/04 and find out more on our security awareness platform, equipped with the dedicated customizable modules for SMM and other non-IT teams across your organization.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.