Choosing MDR? – Start with selecting an MDR provider
March 23, 2021
Ragnarok ransomware hits menswear brand Boggi Milano
April 20, 2021
The cybercrime group Hotarus Corp has hacked Banco Pichincha – one of the biggest Ecuador’s banks – alongside the county’s Ministry of Finance. The hackers initially attacked the local Ministry of Finance, using a PHP-based ransomware to encrypt a site that was hosting an online course. A short time later, the attackers leaked on a hacker forum a text file containing more than 6 thousand combinations of usernames and hashed passwords. According to the group, they managed to steal “secret ministerial information, emails, employee information and contracts”.
After this first attack, they targeted Ecuador’s biggest private financial institution, Banco Pichincha, which confirmed the intrusion in an official statement, though underlining that there was “no evidence of damage or access to the Bank’s systems” and that it was a marketing partner that was hacked.
Through phishing emails, the attackers sent communications on behalf of Banco Pichincha to obtain clients’ confidential information and carry out illegitimate transactions. The hacking group denied the bank’s official statement and declared that they used the marketing company’s attack as a launchpad into the bank’s internal systems, where they stole “31,636,026 million customer records & 58,456 sensitive system records”.
What does it mean?
Marketing teams are among the most common targets for cybercriminals today. After the start of the global pandemic marketers found themselves under even higher pressure, as they had to move events, education, and other activities online. These processes impacted the number of the social media users, that grew +9% in comparison with 2019 and reached 3.8 billion.
When people are stressed with big number of tasks and work under constant pressure, the risk of making a mistake is growing. According to Sababa Awareness report 2020, 34% of marketers, 33% of content managers and 55% of designers conducted insecure actions, when they received phishing emails.
How to protect your company?
Hackers send out hundreds of thousands of fraudulent messages to get access to corporate networks, even if only a small part of recipients fall for the scam. According to the Clusit Report 2021 by the Italian Association for Cybersecurity, phishing and other social engineering techniques represented 15% of all the attacks performed in Italy in 2020.
Here are few things you can do to prevent the devastating consequences of a phishing attack:
- Invest into security awareness training for your non-IT users, including marketing and SMM professionals
- Continuously monitor and analyze security events to spot out any anomalies and suspicious activities on time
- Prepare an emergency plan so you can act fast to contain the security incident
Join a webinar on Sababa Awareness on 7/04 and find out more on our security awareness platform, equipped with the dedicated customizable modules for SMM and other non-IT teams across your organization.
