Researchers have discovered a new malware that targets corporate bank customers in Brazil. According to the statement, cyber attackers firstly deceive the victims with their social engineering tactics, then take advantage of the high-level hiding capabilities of the software and the ability to simulate the online banking information of the companies. Bitdefender Antivirus, cyber fraud and advised the companies to avoid damage.
Hackers identify companies that first work with specific financial institutions. By calling the authority they believe to have the bank account information of the company, the attackers who act like a bank employee are directed to the malicious contact on the phone. The hackers who have requested to check whether the security module is up-to-date or not, says that the module needs to install software on the user’s computer for updating. Carelessly acting on the page that mimics the various features of the bank, the victim installs the software.
After the download of the software called CamuBot, which contains a highly dangerous Trojan horse virus, and the software is downloaded to the computer system, a page similar to the bank’s online banking page opens. On the phone by entering the instructions of the attacker on the phone by falling victim, the company’s banking information to hackers is given. If the captured user information is sufficient to fully capture the account, the phone call is terminated immediately.
Authentication Methods Cannot Identify CamuBot
According to the researchers, CamuBot is able to easily escape from many powerful authentication techniques and security controls. CamuBot does not allow two-factor protection and biometric identification control systems to be able to remotely access devices and block single-use passwords.
Cyber-attackers who provide full access to their victims’ account can cause massive damage to companies through payment transactions via IP addresses, while ensuring that the payment process is legal by the bank.
What Should You Do to Protect Your Company?
The use of social engineering techniques and advanced malicious software makes it harder not to fall into the network of cyber attackers. While frightening the possibility of CamuBot software deployment to other countries, company members need to pay utmost attention to any software they need to install on their smart devices and to any environment where their login information is required. Emphasizing the need to act with skeptical consciousness to avoid damage, Bitdefender Antivirus officials offer companies various suggestions to avoid being affected by such cyber attack.
• Keep your inventory and inventory clean of your digital assets so that cybercriminals cannot attack your system without your knowledge.
• Update all software, including your operating system and applications.
• Back up all data every day, including information on personnel devices. Thus, if you are attacked, you can restore the encrypted data. Always back up important data in a secure environment that does not have a connection to your computer or network.
• Do not put all data into your company’s public file sharing network. Partition your sharing network.
• Inform company employees about cyber security. Warn them not to open email attachments and links from unknown sources. Please note that a company is only as secure as its weakest link.
• If a virus reaches the corporate network, develop a communication strategy to inform employees.
• Decide what to do with the board before any attacks.
• Communicate with specific vendors or vendors, review their cyber security in their life cycle, and perform threat analysis.
• Instruct the information security team to perform penetration testing and if there is a security vulnerability.
• Get an intelligent security solution to detect and block malware, phishing and attack attempts for all your devices.