
Rewterz Threat Alert – African Banking Sector Targeted via Phishing Emails

June 2, 2020

Severity

Medium

Analysis Summary

Researchers identified a phishing campaign targeting customers of South African banking institutions in order to steal credentials, account numbers, PINs, and more. The phishing email appears to come from the South African Revenue Service’s (SARS) eFiling service and claims to reference a tax return that has been deposited into the user’s account. Recipients are asked to select their institution from one of five listed banks and log in to complete the refund process. Each of the links leads to a lookalike login page for the associated bank. The landing pages ask for a variety of information, such as account numbers, passwords, PINs and cell phone numbers. All of the sites are hosted on the same server and leverage the Webnode website building service. Because the pages are built on Webnode, any data entered into the form is conveniently gathered and stored by the service.


Impact

  • Credential theft
  • Financial loss
  • Exposure of sensitive data

Indicators of Compromise

URL

  • hxxps[:]//absa9[.]webnode[.]com
  • hxxps[:]//capitec-za[.]webnode[.]com
  • hxxps[:]//first-national-bnk[.]webnode[.]com
  • hxxps[:]//nedbank-za0[.]webnode[.]com
  • hxxps[:]//standardbnk[.]webnode[.]com

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on links or attachments sent by unknown senders.
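
One way to apply the first remediation item retroactively, as an added example that is not part of the original advisory: it refangs the URLs listed above and checks web proxy log lines for requests to exactly those hosts. The log format (`timestamp user method url status`), the user names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Defanged indicators exactly as listed in the advisory.
DEFANGED_IOCS = [
    "hxxps[:]//absa9[.]webnode[.]com",
    "hxxps[:]//capitec-za[.]webnode[.]com",
    "hxxps[:]//first-national-bnk[.]webnode[.]com",
    "hxxps[:]//nedbank-za0[.]webnode[.]com",
    "hxxps[:]//standardbnk[.]webnode[.]com",
]

def refang(indicator):
    """Undo the hxxp / [.] / [:] defanging so the value can be parsed."""
    s = indicator.strip().replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)

def host_of(url):
    """Lower-cased hostname without port or trailing dot; '' if unparseable."""
    if "://" not in url:
        url = "//" + url  # bare host:port, as logged for CONNECT requests
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""

IOC_HOSTS = {host_of(refang(i)) for i in DEFANGED_IOCS}

def scan_proxy_log(lines):
    """Return (line_no, user, host) for every request to an IoC host."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) >= 4 and host_of(fields[3]) in IOC_HOSTS:
            hits.append((n, fields[1], host_of(fields[3])))
    return hits

# Constructed sample log lines: "timestamp user method url status"
SAMPLE_LOG = [
    "2020-06-02T08:14:03Z alice GET https://www.webnode.com/ 200",
    "2020-06-02T08:15:41Z bob GET https://Capitec-ZA.webnode.com/login 200",
    "2020-06-02T08:16:02Z bob CONNECT standardbnk.webnode.com:443 200",
    "2020-06-02T08:17:10Z carol GET https://absa9.webnode.com.example.org/ 200",
    "2020-06-02T08:18:55Z dave GET https://absa9.webnode.com./ 200",
    "malformed line",
]

if __name__ == "__main__":
    print(scan_proxy_log(SAMPLE_LOG))
```

Matching on the parsed hostname rather than on a substring keeps the legitimate `www.webnode.com` and the unrelated `absa9.webnode.com.example.org` out of the results while still catching mixed-case, port-suffixed and trailing-dot forms of the listed hosts.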