
Rewterz Threat Alert – Funds on Hold – Phishing Attack Targeting Banking Credentials

April 10, 2020

Severity

High

Analysis Summary

In this attack, attackers are impersonating a major financial institution claiming to have received the recipient’s stimulus check, but needing the recipient to verify their account to release the funds. The attackers have created a full landing page to attempt to steal the recipient’s banking credentials. The campaign targets more than 50,000 users via Office 365, sending concealed malicious links that redirect to impersonated web pages of financial institutions, where login credentials would be demanded and sent to attackers. 

As COVID-19 has induced economic uncertainty, similar campaigns have been observed in different geographic locations, using COVID-19 relief funds as click-bait. Because the emails claim that the financial institution has placed the funds on hold until the user signs in to “verify account ownership”, people are more likely to log in without checking in such testing times. The displayed link text masks the real URL, which takes victims to a site hosted at “https://theruncoach.icu/home.php” and controlled by the attackers to steal the victim’s bank account login credentials.

While this attack impersonated one financial institution, similar attacks are underway that create a sense of urgency so that victims do not scrutinize the email. The email even contained real links to the financial institution’s privacy statement alongside the fake landing page that would steal their credentials. The landing page was similarly elaborate, appearing almost exactly like the real bank landing page.

Similar phishing campaigns were seen targeting customers of many Pakistani banks last year by threatening an account block, so the tactic is not new. However, in times of financial instability, users may actually fall victim to such an attack.

Impact

  • Theft of banking credentials
  • Financial loss

Indicators of Compromise

URL

https[:]//theruncoach[.]icu/home[.]php

Remediation

  • Block the URL at your respective control.
  • Ensure employee and customer awareness regarding phishing emails that impersonate financial institutions.
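The two detection opportunities described above, a known-bad destination and link text that displays one host while the href points at another, can be checked mechanically at the mail gateway. The following is an added example written for this advisory, not Rewterz tooling: it re-fangs the IoC listed above, parses the anchors in an HTML mail body, and flags any link whose href host is on the IoC list or whose visible URL-looking text disagrees with its real destination. The sample email body and the bank domain `examplebank.example` are constructed for the example.

```python
"""Flag known-bad and masked links in an HTML email body.

Added example (not part of the Rewterz advisory). The IoC below is the one
published in the advisory; the sample email and bank domain are constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Defanged IoC exactly as listed in the advisory.
DEFANGED_IOCS = ["https[:]//theruncoach[.]icu/home[.]php"]


def refang(url: str) -> str:
    """Turn 'https[:]//a[.]b' (or 'hxxp') back into a parseable URL."""
    return url.replace("[:]", ":").replace("[.]", ".").replace("hxxp", "http")


def host_of(value: str) -> str:
    """Normalise a URL or bare domain to a lower-case host without 'www.'."""
    if not value:
        return ""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower().removeprefix("www.")


IOC_HOSTS = {host_of(refang(u)) for u in DEFANGED_IOCS}

# Visible link text that looks like a URL or domain (no spaces, has a TLD).
URL_LIKE = re.compile(r"^(?:https?://)?(?:www\.)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze_email(html: str) -> list[dict]:
    """Return one finding per suspicious anchor with the reasons it was flagged."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = host_of(href)
        reasons = []
        if href_host in IOC_HOSTS:
            reasons.append("known-bad host")
        # Masked link: the text shows a URL/domain, but the href goes elsewhere.
        text_host = host_of(text) if URL_LIKE.match(text) else ""
        if text_host and text_host != href_host:
            reasons.append(f"masked link: shows {text_host}, goes to {href_host}")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample body modelled on the lure described in the advisory.
SAMPLE_EMAIL = """
<p>Your stimulus deposit has been placed on hold. Verify account ownership:</p>
<a href="https://theruncoach.icu/home.php">https://www.examplebank.example/login</a>
<p>Read our <a href="https://www.examplebank.example/privacy">privacy statement</a>.</p>
"""

if __name__ == "__main__":
    for finding in analyze_email(SAMPLE_EMAIL):
        print(finding)
```

The genuine privacy-statement link in the sample is not flagged: its visible text is not URL-like, so only the "verify" link, which both hits the IoC and masks its destination, produces a finding. Extend `DEFANGED_IOCS` from your threat feed and run `analyze_email` over inbound HTML bodies to apply the "block the URL" remediation at the gateway rather than relying on the recipient.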