Experts expect a wave of cyber attacks on the banking sector

Carding

Banks need to step up security to protect their customers' data and money.

In recent months, two banks have been targeted by attacks on the open source supply chain, the first of their kind.

In separate campaigns in February and April, attackers uploaded packages of malicious scripts to the npm open source software platform, according to Checkmarx analysts.

During one of the attacks, a hacker published several infected packages containing scripts that identified the victim's operating system. Depending on whether it was Windows, Linux, or macOS, the script decoded the other encrypted files in the package. These files were then used to download malicious code to the target computer.

The attacker who uploaded the packages created a fake LinkedIn page where he posed as an employee of the target bank. Because of this, Checkmarx researchers thought the bank might be doing penetration testing, but the bank said the uploaded npm packages were not related to the organization. The hacker also created individual Command and Control (C2) servers for each target.

In another incident, an attacker injected malicious code into an online banking login page. The payload showed that the cybercriminal had identified a unique element ID in the HTML code of the login page and developed his code to capture a specific login form element, stealthily intercepting and exfiltrating the login data.

The malicious packages were removed after they were discovered by researchers, but Checkmarx experts expect "a steady trend of attacks on the banking sector software supply chain."

Previously, Checkmarx researchers uncovered a campaign in which cybercriminals found a way to inject their malicious code into npm packages without changing the source code. The hackers used AWS S3 buckets that were abandoned by their owners and replaced the binaries needed for the packages to work.

Recall that the Russian information security company F.A.C.C.T. recently recorded attacks by the hacker group RedCurl, known for its activities in the field of commercial espionage and theft of corporate information. The detected attacks were directed at one of the main banks in Russia, which was subjected to cyberattacks twice: the first time using specialized phishing emails on behalf of a major Russian marketplace, and the second time through a bank contractor.

Earlier, we reported that in the first quarter of 2023, credit institutions prevented the theft of funds in the amount of 712 billion rubles, reflecting 2.7 million transactions without the consent of the client. 252.1 thousand attacks were successful, as a result of which 4.5 billion rubles were stolen. Most of the victims were individuals who lost money in 251.5 thousand cases. Corporate clients of banks were subjected to 655 attacks, and credit institutions themselves did not suffer from the actions of hackers.
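
A defender-side check for the two npm delivery paths described above (scripts that run from inside a package, and package binaries fetched from S3 buckets), added here as an example and not taken from the post or from Checkmarx. It assumes the scripts of interest are npm lifecycle hooks and that prebuilt binaries follow the node-pre-gyp `binary.host` convention; `auditManifest`, `auditTree` and the sample manifest are hypothetical names and constructed data.

```javascript
// Lifecycle hooks that npm runs automatically during `npm install`.
const HOOKS = ["preinstall", "install", "postinstall"];
// Virtual-hosted and path-style S3 endpoints, with or without a region.
const S3_HOST = /(^|\.)s3[.-]([a-z0-9-]+\.)?amazonaws\.com$/i;

// Returns review points for one parsed package.json; a finding is a prompt
// for manual review, not a verdict that the package is malicious.
function auditManifest(manifest) {
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of HOOKS) {
    if (typeof scripts[hook] === "string") {
      findings.push({ type: "install-script", hook, detail: scripts[hook] });
    }
  }
  // node-pre-gyp convention: prebuilt binaries are downloaded from binary.host.
  const host = manifest.binary && manifest.binary.host;
  if (typeof host === "string") {
    let hostname = null;
    try { hostname = new URL(host).hostname; } catch { /* not a URL */ }
    if (hostname && S3_HOST.test(hostname)) {
      findings.push({ type: "s3-binary-host", detail: hostname });
    }
  }
  return findings;
}

// Walks a dependency tree (e.g. "node_modules") and audits every package.json.
async function auditTree(root) {
  const fs = await import("node:fs");
  const path = await import("node:path");
  const report = [];
  const walk = (dir) => {
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const p = path.join(dir, entry.name);
      if (entry.isDirectory()) walk(p);
      else if (entry.name === "package.json") {
        try {
          const found = auditManifest(JSON.parse(fs.readFileSync(p, "utf8")));
          if (found.length) report.push({ file: p, findings: found });
        } catch { /* unreadable or invalid JSON: skip */ }
      }
    }
  };
  walk(root);
  return report;
}

// Constructed sample manifest (not a real package).
const SAMPLE = { name: "example-addon", scripts: { install: "node-pre-gyp install --fallback-to-build" },
  binary: { module_name: "addon", host: "https://example-bucket.s3.us-west-2.amazonaws.com" } };
```

Each `s3-binary-host` finding names a bucket whose existence and ownership still have to be confirmed separately; the script only lists where binaries would be pulled from.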
 