January 15, 2023

News 

What is BitRAT?

Cybercriminals are increasingly choosing malware packages available from third-party vendors to carry out cyber attacks. They prefer to rely on commercially available malware that can be used for both mass exploitation and targeted attacks. One such commercially available malware, BitRAT, has evolved the way it spreads and infects victims.

From spraying and praying to sniping
Qualys researchers discovered that BitRAT attacks have rapidly evolved from so-called spray-and-pray attacks to more targeted attacks.
An unknown adversary hijacked the network of a co-operative bank in Colombia to steal customer data. The adversary used the stolen information to craft persuasive decoy messages that trick victims into opening suspicious Excel attachments.
In addition, these Excel maldocs contain a highly obfuscated macro, which is used to download the second-stage DLL payload.
The DLL payload uses various anti-debugging techniques, fetches the embedded payload from GitHub, and runs BitRAT on the compromised server.

Hindsight Scenario
The attackers created a GitHub repository in mid-November and a disposable account to store multiple payloads.
The repository contains BitRAT samples embedded in BitRAT loader templates, along with hacked resources from two different companies to make them appear legitimate. The loader decodes the binary and loads it reflectively. Once running, the BitRAT sample moves the loader to the user's startup location for persistence.

More information
Experts have identified logs indicating that the sqlmap tool was used to find potential SQL injection vulnerabilities, as well as actual database dumps.
The database dump includes 418,777 records with customer details such as Cedula number (the Colombian national identity card), email address, phone number, customer name, payment record, salary and address.

Conclusion
With advanced TTPs and a wide range of features to steal data, collect credentials, mine cryptocurrencies and download additional binaries, BitRAT is a useful tool for cybercriminals. As a result, experts recommend that organizations and individuals protect themselves by using anti-malware software and firewalls, and that organizations provide cybersecurity training to their employees.

Reference:

Attackers Use Stolen Bank Details to Spread BitRAT

January 06, 2023, Cyware Alerts – Hacker News

https://cyware.com/news/attackers-use-stolen-bank-details-to-spread-bitrat-60a3e4d3

Research 

Why does cryptocrime cost $30 billion/year?

Rapid growth in the use of decentralised finance (DeFi) services is creating a new soft spot for global financial systems, fostering new methods of cryptocrime for cybercriminals whose “rug pulls” and other attacks will cost the world $30 billion in 2025 alone.

That’s nearly twice the $17.5 billion lost in 2021 — and expected to grow by 15 percent annually as the cryptocurrency market continues to expand, fueling cybercriminals’ increasing interest in pilfering cryptocurrency stores.

Cybercriminals’ attention to crypto is manifesting in a range of ways, including direct exchange hacks — such as the $30 million theft from Crypto.com in January — and scams designed to trick people into handing over their cryptocurrency holdings for any number of false purposes.

Crypto scammers took $7.7 billion from victims last year alone, reports CryptoSlate — an 81 percent increase compared to 2020 — and the Federal Trade Commission last year noted that losses had increased tenfold over the previous 12 months.
As investment in cryptocurrency platforms continues to explode — the amount of cryptocurrency stored on DeFi platforms increased from $12 billion in 2020 to $86 billion last year, according to DeFi Pulse — the numbers are only likely to get bigger.

Yet the sector remains highly volatile, with Consensys recently noting that overall market capitalization had dropped from $174 billion last November, to $105 billion at the end of January — when the number of DeFi wallets reached a record 4.3 million.

For market watchers, those numbers suggest a runaway financial revolution — but to cybercriminals, it’s an opportunity.

Even as cybercriminals rub their hands in glee, national governments have responded by shining a legislative light on the cryptocurrency space.

Regulators in the UK, Australia, and elsewhere are floating the prospect of tightening controls on cryptocurrency operators that would, among other things, provide more certainty for investors.

The reforms, as Australian Treasurer Josh Frydenberg said in introducing them, are intended to give consumers “confidence that businesses they engage with to buy, sell or hold digital assets like crypto are subject to appropriate oversight and licensing arrangements.”

“We will improve regulatory certainty for businesses, better protect consumers and investors, and support competition by making it easier for innovative new entrants.”

Cryptosecurity Market

Cyberattacks on crypto exchanges and their users are fueling a market for pure-play “cryptosecurity” companies, according to Cybersecurity Ventures. The growth of cryptocurrencies “is directly related to the fact that there is a lot more money here and that,” said Chen Arad, co-founder and COO of Solidus Labs, a local crypto firm, “accompanied by the classic triangle of fraud, manipulation and abuse.” The company has offices in Tel Aviv, Israel, New York, Washington, D.C. and London.

“There is a lot of space in the market for a bunch of new companies that are going against crypto,” said Steve Morgan, Founder and CEO of Cybersecurity Ventures.

Reference:

Cryptocrime To Cost The World $30 Billion Annually By 2025. David Braue. CyberCrime Magazine

 

What is ICSS up to?
