Active Risk Alert: Traders Targeted via WinRAR Vulnerability
A zero-day vulnerability has been identified in versions of compression tool WinRAR predating August 2, 2023. The vulnerability, assigned the marker CVE-2023-38831, has been exploited by financially motivated attackers since April 2023, targeting traders in a likely attempt to compromise accounts such as brokerages.
Path of attack
Attackers primarily targeted online forums popular with traders, engaging potential victims in discussion, and then offering documents stated to contain strategies or advice regarding relevant topics within each forum (click here for an example screenshot). Security firm, Group-IB, found that files sent to target traders were modified. The compressed files contained a decoy file and a folder containing both harmless and malicious files with the same names. The targeted user’s attempts to open the decoy file causes a malicious script to be executed by WinRAR in the background, installing malware which allows attackers to access the victim’s device remotely.
Impact
Devices of at least 130 traders have been affected through attacks on at least 8 public forums. These forums are yet to be named, and so far the financial impact resultant from these attacks is unknown.
Upon receiving report of the vulnerability, RARLab, the maker of the WinRAR tool, released a patch for the issue with their updated version of the application on August 2, 2023.
Recommended action
Firms should encourage staff and clients to manually update the WinRAR tool to the most recent version, 6.23, to ensure the vulnerability has been addressed. Companies should also enforce the use of standard user accounts instead of administrator accounts wherever possible.
Additionally, staff and clients should be reminded that caution should be exercised when interacting with others on a public forum.
How we help
ACA provides services to help organizations tackle threats such as phishing, including:
- Staff security training about industry best practices, cyber trends, and emerging threats.
- Phishing tests that deploy a targeted email campaign to test employees’ ability to identify and handle phishing threats.
- Penetration testing and vulnerability assessments to identify network vulnerabilities that can help reduce the risk of a breach and associated financial, operational, and reputational losses.
Learn more about our additional solutions here.
For questions about this alert, or to find out how we can help you meet your regulatory cybersecurity obligations, please reach out to your trusted cyber advisor or contact us here.
Related insights
2024 Cybersecurity Benchmarking Survey Results
This year’s survey covered a wide range of topics and involved the participation of compliance professionals at 308 financial services firms of various sizes.
- Cybersecurity
Highlights From the 2024 ACA Conference
As the curtains close on the 2024 ACA Conference, the echoes of transformative dialogue and insightful revelations resonate, shaping the trajectory of GRC in financial services.
- Compliance
- RegTech
- Cybersecurity
- ESG
- Performance
- Managed Services
- SEC
Critical Vulnerability Detected in Palo Alto Networks' GlobalProtect Gateways
A popular firewall used in the financial industry is under attack due to a critital zero-day vulnerability. Firms that use Palo Alto Networks' firewall need to update their software to protect their systems.
- Cybersecurity