BitPaymer Targets SMBs

An ongoing BitPaymer ransomware campaign has targeted at least 15 US small and medium-sized businesses (SMBs) in the financial, agricultural, technology, and government sectors over the last three months. The infection begins with an email that delivers Dridex, a banking trojan that in this campaign is used to collect information about the victim's network. The threat actor has been observed remaining dormant on infected systems for up to thirty days, quietly collecting information before acting. BitPaymer is then deployed over a weekend, while employees are away, and proliferates across the network once employees return to work.

The NJCCIC recommends that users avoid clicking on links or opening attachments in unsolicited or unexpected emails, even those that appear to come from known senders. Instead, users should navigate to websites by typing the URL manually into the browser's address bar. Organizations are also advised to employ a defense-in-depth cybersecurity strategy and to keep anti-virus/anti-malware software updated and running. For further information, users can read the Morphisec blog post.