Cybercrime on the Rise in Peru’s Finance Industry: Experts Warn of Sophisticated Attacks
Lima, Peru - A recent surge in cyberattacks targeting banks in Peru has raised concerns about the growing threat of cybercrime in the country’s finance industry. The attacks, which began earlier this month, involve hackers using phishing emails to trick victims into installing malware on their computers.
The Phishing Campaign
The phishing campaign, which has also been detected in other countries including Thailand, Malaysia, Indonesia, and the US, is believed to be a Distributed Denial of Service (DDoS) attack. However, some experts have suggested that it could be a more sophisticated form of cybercrime, such as ransomware.
Here are the details of the phishing campaign:
- The emails claim to offer investment opportunities in Bitcoin.
- The emails include two links: one that redirects the user to a website offering “new technology,” and another that goes to a video explaining cryptocurrency investments.
- The links point to a malicious domain, matchtv.biz.ua.
The Malware
When accessed, the link redirects victims to different URLs depending on their IP location, browser, and operating system. Trend Micro’s analysis of the malware found that it:
- Connects to a command-and-control (C&C) server.
- Modifies Internet Explorer browsers, leading users to malicious websites.
Expert Warning
“This is a sophisticated attack that has been designed to evade detection,” said Trend Micro. “It’s not just targeting Peruvian banks, but could have far-reaching consequences for financial institutions around the world.”
Recommendations
To avoid falling victim to this type of attack:
- Always check email addresses for red flags such as suspicious sender addresses or multiple typographical errors in an “official” document.
- Consider using Trend Micro’s XGen security solution, which provides a cross-generational blend of threat defense techniques against a full range of threats.
Indicators of Compromise (IOCs)
Here are the IOCs identified in this attack:
- URLs:
  - https://flare.draftsoftwaresets.win/?afgasd=MdPY0PcprjvQCaRkZQ2kTycIT47NXxmNcEA1m_B-Dp3b1NX95dGeGr4w06ppke1s4rVXeo_aSduf2KpQZeUnyA..
  - http://matchtv.biz.ua/matchtvXX/ (where XX is a two-digit number)
- Hashes: f6b379a624f67169d4b20d553a5a1aa02170a022f4ae909c0d5c3b27af27c8f4
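One way to check web proxy logs against the URL indicators above (an added example, not part of the original article or of Trend Micro's analysis). The log format, the function names and the sample lines are assumptions constructed for illustration; only the two hostnames, the `matchtvXX` path pattern and the `afgasd` parameter name come from the IOC list.

```python
import re
from urllib.parse import parse_qs, urlsplit

# IOC values below come from the list above; everything else is constructed.
IOC_HOSTS = {"flare.draftsoftwaresets.win", "matchtv.biz.ua"}
MATCHTV_PATH = re.compile(r"^/matchtv\d{2}(/|$)")  # /matchtvXX/, XX = 2 digits
SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def refang(url):
    """Undo common defanging (hxxp, [.]) and add a scheme if missing."""
    url = url.strip().replace("[.]", ".").replace("[:]", ":")
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return url if SCHEME.match(url) else "http://" + url


def classify(url):
    """Return 'ioc-url' (host and pattern), 'ioc-host' (host only) or None."""
    try:
        parts = urlsplit(refang(url))
    except ValueError:  # malformed netloc, e.g. stray brackets
        return None
    host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased
    if host not in IOC_HOSTS:  # exact match, so look-alike hosts do not hit
        return None
    if host == "matchtv.biz.ua":
        return "ioc-url" if MATCHTV_PATH.match(parts.path) else "ioc-host"
    return "ioc-url" if "afgasd" in parse_qs(parts.query) else "ioc-host"


def scan(log_text):
    """Return (client, verdict, url) for 'ts client method url status' lines."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        verdict = classify(fields[3]) if len(fields) >= 5 else None
        if verdict:
            hits.append((fields[1], verdict, fields[3]))
    return hits


# Constructed sample log lines (hypothetical format, timestamps and clients).
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 GET http://matchtv.biz.ua/matchtv07/ 200
2024-01-01T10:00:02Z 10.0.0.6 GET http://MATCHTV.biz.ua:80/index.html 200
2024-01-01T10:00:03Z 10.0.0.7 GET hxxps://flare[.]draftsoftwaresets[.]win/?afgasd=AAAA 302
2024-01-01T10:00:04Z 10.0.0.8 GET http://matchtv.biz.ua.example.com/matchtv07/ 200
"""
```

Calling `scan(SAMPLE_LOG)` flags the first three clients and skips the fourth, whose hostname only contains the IOC domain as a prefix; matching on the parsed hostname rather than on a substring is what avoids that false positive.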
The Global Implications
It’s not just about Peruvian banks; it’s about the global finance industry. Cybercrime is a growing threat that requires vigilance and awareness among financial institutions and individuals. By taking steps to protect ourselves, we can reduce the risk of falling victim to these types of attacks.