Skip to main content

Cyber criminal organization took over online service of a major Brazilian bank DNS for 5 hours


Cyber criminals launched a sophisticated cyber heist that compromised the entire DNS infrastructure of a major Brazilian Bank.



A cyber criminal organization took over online service of a major Brazilian bank for five hours. The hackers compromised the bank DNS system and intercepted all the connections to the financial institution.
According to Kaspersky Lab who investigated the incident, the attack was very sophisticated, attackers used a valid SSL digital certificates and Google Cloud to support the phony bank infrastructure.
Kaspersky Lab did not disclose the name of the bank that was victim of the attack.Crooks compromised 36 domains belonging to the bank, including internal email and FTP servers.

The hackers took control of the bank’s DNS account after they have compromised the bank’s Domain Name Service (DNS) provider Registro.br.
It is still unclear how hackers compromised the DNS provider, but the experts believe the cyber attacks began at least five months prior to the day of the hack.
The attack occurred on October 22, 2016 and lasted five hours during which the attackers captured the transaction of hundreds of thousands or possibly millions of the bank’s customers worldwide. When the bank customers tried the accessed the online services offered by the bank they were infected with a malware posing as a Trusteer banking security plug-in application.
The malware was designed to disable victim’s security solutions and steal login credentials, email contact lists, and email and FTP credentials.
The experts explained that it is the first time they observed a so massive attack.
“As far as we know, this type of attack has never happened before on such a big scale,” explained Dmitry Bestuzhev, director of Kaspersky Lab’s research and analysis team in Latin America. 
The experts at Kaspersky highlighted the DNS provider Registro.br fixed a cross-site request forgery flaw on its website in January, it is possible the attackers have exploited the flaw for the attack.
“Maybe they [the attackers] exploited the vulnerability on that website and got control. Or … We found several phishing emails targeting employees of that registrar, so they could have spear-phished them,” added Kaspersky. “We don’t know how exactly they originally compromised” the DNS provider, he says.
A disconcerting aspect of the story is the fact that the Brazilian bank didn’t enable the two-factor authentication option implemented by Registro.br.
The malicious code targets a specific list of other banks in many countries, including Brazil, US, the UK, Japan, Portugal, Italy, China, Argentina, and the Cayman Islands.
The attackers used a modular malware that could infect both Windows and Mac OSs.
The malware was identified as  Trojan-Downloader.Java.Agent; Trojan.BAT.Starter; not-a-virus:RiskTool.Win32.Deleter; and Trojan-Spy.Win32.Agent.
The crooks also launched a phishing campaign against specific bank clients during the five-hour attack.
The stolen information was sent by hackers to a server in Canada,
Kaspersky suspects the involvement of a sophisticated Brazilian cybercrime gang.
“They spent five months just waiting. This is not someone who is a newbie,” added Bestuzhev.

Popular posts from this blog

TAMILNADU UNIVERSITY LIST

State Government Universities Anna University Annamalai University Alagappa University Bharathidasan University Bharathiar University Madurai Kamaraj University Manonmaniam Sundaranar University Mother Teresa Women's University Periyar University Tamil Nadu Agricultural University Tamil Nadu Dr. Ambedkar Law University Tamil Nadu Dr. M.G.R. Medical University Tamil Nadu Open University Tamil Nadu Physical Education and Sports University Tamil Nadu Teachers Education University Tamil Nadu Veterinary and Animal Sciences University Tamilnadu Horticulture University Tamil University Tamil Virtual University Thiruvalluvar University University of Madras Central Government University Central University of Tamil Nadu Gandhigram Rural University Private Deemed Universities Avinashilingam University for Women B S Abdur Rahman University Bharath University Chettinad University Dr. MGR Research Institute University...
Read more

TOP TEN POPULATED COUNTRIES IN THE WORLD

1.China IN 2012 - 1,343,239,923 EXC IN 2050- 1,303,723,332 2.India IN 2012 - 1,205,073,612 EXC IN 2050- 1,656,553,632 3.United States IN 2012 - 313,847,465 EXC IN 2050- 439,010,253 4.Indonesia IN 2012 - 248,645,008 EXC IN 2050- 313,020,847 5.Brazil IN 2012 - 193,946,886 EXC IN 2050- 260,692,493 6.Pakistan IN 2012 - 190,291,129 EXC IN 2050- 276,428,758 7.Nigeria IN 2012 - 170,123,740 EXC IN 2050- 264,262,405 8.Bangladesh IN 2012 - 161,083,804 EXC IN 2050- 233,587,279 9.Russia IN 2012 - 142,517,670 EXC IN 2050- 109,187,353 10.Japan IN 2012 - 127,368,088 EXC IN 2050- 93,673,826
Read more

Facebook has fixed a serious security bug

Facebook has fixed a serious security bug that could have been exploited by hackers to delete any video shared by anyone on their wall. A new bug was discovered in the Facebook platform by the security researcher Dan Melamed, the flaw could be exploited to delete any video shared by anyone on their wall. Dan Melamed explained that a similar issue was discovered in June 2016 by the Indian security researcher Pranav Hivarekar who demonstrated that was able to delete any video by exploiting a security issue that exits  in the recently introduced video comment feature. The new but discovered by Melamed allowed him to delete any video on Facebook shared by anyone without having any permission or authentication. The expert also discovered that was possible to disable commenting on the video of your choice. “Back in June of last  year  I discovered a critical vulnerability that allows me to remotely delete any video on Facebook. In addition, I ...
Read more