
Hackers took control of a Brazilian bank's entire DNS infrastructure


April 5, 2017

Instead of just selecting some online banking customers one by one, some very ambitious hackers took full control of a Brazilian bank's entire DNS infrastructure to steal money from bank customers.

The successful hacking incident was detailed by internet security engineers at Kaspersky Lab, and took place over approximately five hours on October 22nd, 2016, after the hackers managed to get control of the bank's entire DNS hosting service using targeted attacks.

They then managed to transfer all thirty-six of the bank's domains to phony websites that used free HTTPS certificates from Let's Encrypt.

Those websites masqueraded as the bank's legitimate online services, tricking users into believing the malicious servers were the real thing. That allowed the criminals to steal customers' usernames and passwords as they were typed into the sites' login boxes.

"All web domains, including corporate domains, were in control of the criminals," asserted Fabio Assolini, a senior security researcher at Kaspersky. He added that the attackers also took over the bank's email servers so that its staff couldn't warn customers not to log in. Pretty smart indeed, and very well planned.

During this security incident, every time a bank customer logged in they were handing over their user credentials directly to the attackers, all of which were sent off to a command and control server located in Canada.

Additionally, as if that wasn't nasty enough, the dummy websites also dropped malware on each visitor's computer in the form of zipped Java plugin files. Clicking on those would start an infection on computers capable of running the malicious code.

The banking Trojan had no less than eight separate modules, covering specific abilities like user credential-stealing for Microsoft Exchange, Thunderbird, and the local address book, updating systems, and even a program called Avenger.

That software is a legitimate rootkit removal tool that had been modified to shut down security software on any computer that downloaded it.

"The criminals wanted to use that opportunity to hijack operations of the original bank, but also drop malware with the capacity to steal even more money from banks of other countries," said Dmitry Bestuzhev, director of Kaspersky Lab's global research team in Latin America.

Nevertheless, the sudden burst of malware did set off alarms elsewhere, and the source of the hacking was traced back to the bank.

Security staff managed to get the original DNS credentials restored to the bank; however, the attack shows the importance of managing such things much more tightly. Maybe this will serve as a lesson to other banks, especially those located in Brazil and other Latin American countries, which are known for lax security practices.
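One of the controls "managing such things much more tightly" implies is continuous monitoring of a bank's own DNS records against a known-good baseline, so that a swap of every domain's name servers (as happened here) raises an alarm within minutes rather than hours. The following is an added example, not code from the article or from Kaspersky Lab; the domain names, name servers and addresses are constructed placeholders, and a real deployment would fill `observed` from live resolver queries instead of the inline snapshot.

```python
# Added example: detect DNS baseline drift across an organisation's domains.
# An NS change means the hosting/registrar level was altered (the scenario in
# the article); an A or MX change alone means a zone-level redirect.
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    domain: str
    severity: str   # "critical" for NS drift, "high" for A/MX drift or no answer
    detail: str


def detect_dns_drift(baseline: dict, observed: dict) -> list[Alert]:
    """Compare per-domain record sets and return one alert per deviation."""
    alerts = []
    for domain, expected in baseline.items():
        seen = observed.get(domain)
        if seen is None:
            # A monitored domain that stopped resolving is itself suspicious.
            alerts.append(Alert(domain, "high", "domain did not resolve"))
            continue
        for rtype in ("NS", "A", "MX"):
            exp = set(expected.get(rtype, ()))
            got = set(seen.get(rtype, ()))
            if exp != got:
                sev = "critical" if rtype == "NS" else "high"
                alerts.append(Alert(domain, sev,
                                    f"{rtype} changed: {sorted(exp)} -> {sorted(got)}"))
    return alerts


# Constructed snapshots using placeholder names and RFC 5737 documentation addresses.
BASELINE = {
    "bank.example": {"NS": ["ns1.bank-dns.example", "ns2.bank-dns.example"],
                     "A": ["192.0.2.10"], "MX": ["mail.bank.example"]},
    "corp.bank.example": {"NS": ["ns1.bank-dns.example", "ns2.bank-dns.example"],
                          "A": ["192.0.2.20"]},
    "login.bank.example": {"NS": ["ns1.bank-dns.example", "ns2.bank-dns.example"],
                           "A": ["192.0.2.30"]},
}
# Observed state modelled on the incident: NS and MX moved to foreign hosting,
# the web address redirected, and one domain no longer answering at all.
OBSERVED = {
    "bank.example": {"NS": ["ns1.other-hosting.example", "ns2.other-hosting.example"],
                     "A": ["203.0.113.5"], "MX": ["mail.other-hosting.example"]},
    "corp.bank.example": {"NS": ["ns1.bank-dns.example", "ns2.bank-dns.example"],
                          "A": ["192.0.2.20"]},
}

if __name__ == "__main__":
    for alert in detect_dns_drift(BASELINE, OBSERVED):
        print(f"[{alert.severity.upper()}] {alert.domain}: {alert.detail}")
```

Run against the constructed snapshot this flags three deviations on bank.example (critical NS drift plus A and MX drift) and a failed resolution for login.bank.example, while the untouched corp.bank.example stays quiet.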

"Imagine if one employee is phished on his email address and the attackers had access to the DNS tables; that would have been a lot worse," Bestuzhev asserted.

Source: Kaspersky Lab.
