#CyberHeadlines: Sophisticated Cyber Bank Thievery
Last week, Kaspersky uncovered the first known case of “wholesale bank fraud”. Targeting 36 Brazilian banking sites last year, hackers changed the DNS (Domain Name System) registrations, controlling the bank’s website domains to direct users to phishing sites. It is believed that at the same time, all ATM and POS transactions were redirected to the hackers’ own servers. A Kaspersky researcher, Dmitry Bestuzhev said, “Absolutely all of the bank’s online operations were under the attackers’ control for five to six hours”. Though Kaspersky claims the full extent of the attack to still be unknown. While Kaspersky is not releasing the bank’s name, they have said the financial company has hundreds of branches operating world-wide, including in the US and Cayman Islands. They have 5 million customers and over $27 billion in assets.
We’ve seen the wide-spread damage an attack to a DNS can have in the wake of the Mirai botnet attack. This banking fraud attack proves how these attacks can produce even larger, more material damage. In this specific attack, anyone who used their online banking services during the attack were redirected to lookalike phishing sites. These were particularly sneaky phishing sites as they all had valid HTTPS certificates issue in the bank’s name. In the wake of the attack, the bank couldn’t even send email to communicate with each other, nor customers, to keep them filled in about the events. We hope this case will bring to light the importance of DNS security and cyber security practices at large.
CyberTraining 365 is an online academy that offers nearly 1,000 hours of relevant and cutting edge cyber security training. Our training provides the most in demand industry certification prep courses including EC-Council, CompTIA, (ISC)2 and Cisco; all taught by leading cyber security experts. All of our offerings are aligned with the national initiative for cyber security education (NICE) and ensure the most up-to-date information for this constantly shifting field. With engaging content in a scenario-based format, CyberTraining 365 uses bite-sized micro-learning methodology ensures learners are not overwhelmed with information. On Demand LMS platform has white-label capabilities ideal for internal training purposes.