Seqrite – a specialist provider of cyber security products and services – has detected a new wave of Adwind Java Remote Access Trojan (RAT) campaign targeting Indian co-operative banks using Covid-19 as a bait. Researchers at Seqrite warned that if attackers are successful, they can take over the victim’s device to steal sensitive data like SWIFT logins and customer details and move laterally to launch large scale cyber attacks and financial frauds. Seqrite is successfully detecting and blocking any such attempts using its patented Signature-less and Signature-based detection technology.
What is the attack methodology?
According to the researchers at Seqrite, the Java RAT campaign starts with a spear-phishing email which claims to have originated from either Reserve Bank of India or a nationalized bank. The content of the email refers to COVID-19 guidelines or a financial transaction, with detailed information in an attachment, which is a zip file containing a JAR based malware
Upon further investigation, researchers at Seqrite found that the JAR based malware is a Remote Access Trojan that can run on any machine which has Java runtime enabled and hence it can impact variety of endpoints, irrespective of their base Operating System. Once the RAT is installed, the attacker can take over the victim’s device, send commands from a remote machine, and spread laterally in the network. In addition, this malware can also log keystrokes, capture screenshots, download additional payloads, and extract sensitive user information.
What is at stake?
Such attack campaigns can effectively jeopardize the privacy and security of sensitive data at the co-operative banks and result in large scale attacks and financial frauds. Here are the different ways in which attackers can affect the banks:-
Steal Sensitive Data
Cyberattack on banks can lead to stealing of all customer data and important financial infrastructure details. This data leak helps the attacker to plan the next phase of attack including targeted attacks.
Backdoors often lead to stealing of credentials for important financial infrastructure like SWIFT logins. This can lead to big financial loses to banks. We have previously seen incidences where banks had to face large financial losses due to such attacks.
During the last few years, there have been a few drawn-out and long duration cyber attacks on banks resulting in huge financial impact. Such attacks usually start with an initial infection that gives cybercriminals access to resources within the network, and spread laterally to the rest of the network till attacker gains access to sensitive/confidential information. The possibility of this Java RAT based being one such starting point should not be discounted.
The timely detection and blocking of such attack campaigns is, therefore, essential for maintaining the integrity and trust in banking institutions. Seqrite recommends users to exercise ample caution and avoid opening attachments and clicking on web links in unsolicited emails. Banks should also keep their Operating Systems updated and have a full-fledged security solution installed on all the devices.