Conti Cyberattack Reported by Bank Indonesia

Bank Indonesia (BI), the Indonesian central bank, was hit by ransomware, but the threat was mitigated and the attack had no impact on the country's essential services. According to the bank, the situation was contained before it could affect BI's essential services, as Reuters initially reported.

"Last month, BI was informed of a ransomware attack. The bank was targeted by a cyber-attack. This is a true crime, the bank had witnessed," said Erwin Haryono, spokesman for Bank Indonesia. 

According to CNN Indonesia, the criminals allegedly took "non-critical" staff data and planted ransomware payloads on multiple computers on the bank's network during the attack on a central bank branch on the island of Sumatra. While Bank Indonesia didn't disclose who was behind the ransomware assault, security experts believe it was perpetrated by the Conti ransomware gang. 

Conti is a Russian-speaking ransomware cell that has infected over 400 companies globally, including 290 in the United States alone. Phishing emails (with malicious URLs or attachments) and stolen or cracked Windows Remote Desktop Protocol (RDP) credentials are the primary attack vectors Conti attackers use to access victim networks.

The group appears to target high-profile company networks, which it infiltrates using BazarLoader or TrickBot malware to gain unauthorized remote access to critical devices. After compromising the network, the threat actors try to spread the infection to additional connected devices. The cybercriminals then steal records, encrypt servers and desktops, and demand a ransom payment.

The Conti ransomware group claimed responsibility for the attack and listed Bank Indonesia among its victims on a Tor leaks site, claiming to have stolen about 14 GB (13.88 GB) of data.

Cybercriminals use ransomware to infiltrate selected networks and encrypt critical data and systems, rendering them unavailable to their users. The threat actors then demand a ransom to decrypt the infected systems. If the victim continues to resist, the attackers can threaten to expose secret information in order to put more pressure on the individual or organization.

Bank Indonesia should analyze the severity of the attack, according to Miftah Fadhli, a cybersecurity specialist at the NGO Institute of Policy Research and Advocacy (ELSAM), because it might "carry a major danger" and affect its transactions.

Cybercriminals Are Using Twitter as a Doorway to Target Indonesian Banks

Group-IB, a global threat hunting firm, has discovered traces of an ongoing phishing campaign targeting Indonesia’s largest banks that cybercriminals manage on Twitter with the ultimate goal of stealing bank customers’ money. To lure the victims into their trap, attackers pose as bank representatives or customer support team members on Twitter. 

The threat actors started this phishing campaign in January, and it has grown by leaps and bounds since then. Currently, 1,600 fake Twitter accounts are impersonating banks, compared to 600 in January. Security researchers have discovered evidence that at least seven prominent Indonesian banks have been targeted in this campaign.

Over two million Indonesian bank customers are affected by this phishing campaign, specifically those who are active on the banks' legitimate Twitter handles. This fraudulent scheme has been on the radar of Group-IB’s team since December 2020. Back then, only limited cases of this type of fraud were detected, but over the past three months, it expanded tremendously – from 600 fake Twitter accounts to 1,600.

The methodology used by cybercriminals 

Cybercriminals identify their targets when a bank customer asks a question or leaves feedback on the bank’s official page. The customer is then promptly contacted by scammers, who use fake Twitter accounts whose profile photo, header, and description imitate those of the real ones.

The next step is to engage the victims in a conversation via Telegram or WhatsApp. The scammers then send the victims a link and ask them to log in there to resolve their problem by filing a complaint. The link leads to a phishing website identical to the bank's official website, where victims enter their online banking credentials, which include username, email, and password.

“The case with the Indonesian banks shows that scammers have managed to solve one of the major challenges of any attack – the issue of trapping victims into their scheme. Instead of trying to trick their potential victims into some third-party website, cybercriminals came to the honey hole themselves. The campaign is consistent with a continuous trend toward the multistage scams, which helps fraudsters lull their victims,” Ilia Rozhnov, Group-IB head of Digital Risk Protection in APAC, stated.