
Redbanc, a leading online banking platform, suffered a devastating cyberattack in 2022, compromising the sensitive information of millions of customers.
The attack was carried out by a sophisticated group of hackers who managed to breach Redbanc's security system.
Redbanc's swift response to the attack was crucial in minimizing the damage, with the company immediately notifying affected customers and offering them free credit monitoring services for a year.
The cyberattack had a significant impact on Redbanc's reputation, with many customers expressing their disappointment and frustration on social media.
Attack Vector and Actors
The Redbanc cyberattack was carried out by the North Korea-linked advanced persistent threat (APT) group Lazarus.
Lazarus attacks often rely on social media and trusted relationships to execute and install their payloads. This makes security awareness training, especially on social media and social engineering, highly recommended.
The intrusion occurred when a trusted Redbanc IT professional clicked on a link to apply for a job opening found through social media. The applicant was ultimately tricked into executing the payload.
The malware's dropper presented itself as a job application while it downloaded and executed PowerRatankba, a malware toolkit with ties to Lazarus.
Bancos Adheridos and Impact
Redbanc is a network of banks in Latin America that aims to improve financial inclusion and efficiency.
In 2004, the first bank to join Redbanc was the Banco de la Republica Oriental del Uruguay.
Redbanc has 33 member banks across 17 countries in Latin America, providing a wide reach to its users.
The network allows member banks to share resources and expertise, making it easier for them to offer financial services to underserved communities.
Redbanc's member banks have a combined customer base of over 100 million people, making it a significant player in the region's financial landscape.
Cyberattack Details
The Redbanc cyberattack was linked to the Lazarus group, a North Korea-linked advanced persistent threat group.
The attack occurred in December 2018 and involved the malware toolkit PowerRatankba.
The malware was delivered via a trusted Redbanc IT professional who clicked a link to apply for a job opening found through social media.
The dropper sample was a Microsoft Visual C# / Basic .NET (v4.0.30319)-compiled executable that contained the logic to call the server and download a PowerRatankba PowerShell reconnaissance tool.
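The execution chain described above (a user-launched executable that goes on to run a PowerShell tool) can be hunted for in process-creation telemetry. The following is an added example, not code from the original page or from the cited reports; it assumes records that use Sysmon Event ID 1 field names, and every path, PID and file name in the sample data is constructed.

```python
import ntpath

# Constructed process-creation records using Sysmon Event ID 1 field names.
# Paths, PIDs and file names are invented for illustration.
SAMPLE_EVENTS = [
    {"ProcessId": 4100, "ParentProcessId": 900,
     "Image": r"C:\Users\it.admin\Downloads\ApplicationForm.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessId": 4188, "ParentProcessId": 4100,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Users\it.admin\Downloads\ApplicationForm.exe"},
    {"ProcessId": 5000, "ParentProcessId": 900,
     "Image": r"C:\Program Files\Vendor\Tool\tool.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessId": 5050, "ParentProcessId": 5000,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Vendor\Tool\tool.exe"},
]

# Directory markers (assumed) for locations a downloaded file usually lands in.
USER_WRITABLE = ("\\downloads\\", "\\appdata\\", "\\temp\\", "\\desktop\\")
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}

def in_user_writable(path):
    p = path.lower()
    return p.startswith("c:\\users\\") and any(m in p for m in USER_WRITABLE)

def find_dropper_chains(events):
    """Return (parent_image, child_pid) pairs where an executable in a
    user-writable directory started a PowerShell host."""
    by_pid = {e["ProcessId"]: e for e in events}
    hits = []
    for e in events:
        if ntpath.basename(e["Image"]).lower() not in SCRIPT_HOSTS:
            continue
        parent = by_pid.get(e["ParentProcessId"])
        # Fall back to ParentImage when the parent's own event was not collected.
        parent_image = parent["Image"] if parent else e["ParentImage"]
        if in_user_writable(parent_image):
            hits.append((parent_image, e["ProcessId"]))
    return hits

if __name__ == "__main__":
    for parent_image, pid in find_dropper_chains(SAMPLE_EVENTS):
        print(f"ALERT: {parent_image} started PowerShell (pid {pid})")
```

Legitimate software installed under a user profile can also start PowerShell, so production use needs an allowlist of known parent images.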

Security awareness training, especially on social media and social engineering, is recommended to prevent such attacks.
The Lazarus group's attacks often rely on social media and trusted relationships to execute and install their payloads.
The PowerRatankba tool is a newer reconnaissance and downloader implant tool leveraged by Lazarus to fingerprint and obtain information about compromised machines.
Follow-up and Aftermath
In the aftermath of Redbanc's closure, many users were left wondering what would happen to their accounts and funds. The company's abrupt shutdown caused a significant disruption in the banking system.
Redbanc's parent company, Banco de la República, took over the management of Redbanc's assets and liabilities. This move was in line with the company's contingency plan to ensure a smooth transition.
Users were initially unable to access their accounts, but Banco de la República quickly set up a new system to allow customers to retrieve their funds. This process took several days to complete.
The takeover by Banco de la República was seen as a positive move, as it ensured that users' accounts were protected and their funds were secure.