Experts at cybersecurity firm Kaspersky recently released information on a dramatic hack that affected a Brazilian bank last October. Hackers changed the Domain Name System (DNS) registrations of the bank’s online sites to redirect customers to phishing websites. As a result, criminals could steal the login information of millions of users from sites hosted at the bank’s legitimate address. According to Kaspersky, this kind of attack is very sophisticated and difficult to coordinate.
The hijack was analysed in real time after the security firm detected malware coming from what seemed to be the bank’s official domain. Criminals managed to simultaneously change the DNS of all websites and reroute them to servers created for this purpose on Google Cloud Platform. The fake websites showed the bank’s valid URL, an HTTPS certificate and the typical green lock, which completely deceived clients. In addition, transactions at ATMs and point-of-sale systems may have been redirected to the criminals’ infrastructure, harvesting a huge number of credit card details.
The attack is believed to have lasted for five to six hours, but hackers also infected customers with a Trojan that enabled them to steal email and FTP credentials, as well as Outlook and Exchange contact lists. The consequences of the malware cannot be measured yet, but they definitely persisted after the attack.
The targeted entity is a major Brazilian bank with 5 million customers and numerous branches in the US and the Cayman Islands. Kaspersky declared that it cannot put a cost on the attack, but millions of users may well have been misled. The firm recommended that all banks check the security of their DNS. At present, 50% of the world’s major banks leave the management of their DNS to a third party that is potentially less well protected from hacking.
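
One way to act on the recommendation to check DNS security, as an added example that is not from Kaspersky or the original article: a monitor that compares what resolvers return for a domain against a recorded baseline of nameservers, address ranges and certificate fingerprint. The domain, addresses, fingerprints and observations below are constructed placeholders, embedded in the script rather than fetched live.

```python
import ipaddress

# Constructed baseline for a hypothetical domain; every value is a placeholder.
BASELINE = {
    "bank.example": {
        "ns": {"ns1.bank.example", "ns2.bank.example"},
        "networks": [ipaddress.ip_network("198.51.100.0/24")],
        "cert_sha256": "PINNED-FINGERPRINT-PLACEHOLDER",
    }
}

# Constructed observations, as a scheduled job might record them from resolvers.
OBSERVATIONS = [
    {"seen": "t0", "domain": "bank.example", "a": ["198.51.100.10"],
     "ns": ["ns1.bank.example", "ns2.bank.example"],
     "cert_sha256": "PINNED-FINGERPRINT-PLACEHOLDER"},
    {"seen": "t1", "domain": "bank.example", "a": ["203.0.113.45"],
     "ns": ["ns1.other-host.example", "ns2.other-host.example"],
     "cert_sha256": "DIFFERENT-FINGERPRINT-PLACEHOLDER"},
    {"seen": "t2", "domain": "bank.example", "a": ["198.51.100.10"],
     "ns": ["NS1.bank.example.", "ns2.bank.example."],
     "cert_sha256": "PINNED-FINGERPRINT-PLACEHOLDER"},
]

def check_observation(obs, baseline=BASELINE):
    """Return a list of findings for one resolver observation."""
    expected = baseline.get(obs["domain"])
    if expected is None:
        return [f"{obs['domain']}: no baseline recorded"]
    findings = []
    # Normalise case and the trailing root dot before comparing nameservers.
    rogue_ns = {n.rstrip(".").lower() for n in obs["ns"]} - expected["ns"]
    if rogue_ns:
        findings.append(f"unexpected nameservers: {sorted(rogue_ns)}")
    for addr in obs["a"]:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in expected["networks"]):
            findings.append(f"A record outside known ranges: {addr}")
    # A valid certificate and padlock are not enough; compare with the pinned one.
    if obs["cert_sha256"] != expected["cert_sha256"]:
        findings.append("served certificate differs from pinned fingerprint")
    return findings

def scan(observations, baseline=BASELINE):
    """Map observation time to findings, keeping only deviating observations."""
    results = {o["seen"]: check_observation(o, baseline) for o in observations}
    return {seen: found for seen, found in results.items() if found}

if __name__ == "__main__":
    for seen, found in scan(OBSERVATIONS).items():
        print(seen, *found, sep="\n  ")
```

A real deployment would collect the observations from several independent resolvers and alert on the first deviation, since the incident described above lasted only a few hours.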