How to take down DNS Infrastructure of Bank Easily. Find out how?

Cybercriminals can now steal money by taking advantage of the one security measure every internet user has been trained to trust: the green padlock in web browsers.

This is how hackers managed to take over the entire DNS infrastructure of a Brazilian bank in order to rob its customers.

After redirecting all 36 of the bank's domains to phoney websites, the cyber thieves used certificates from Let's Encrypt so that those sites showed a valid HTTPS padlock, and unsuspecting users gave away their details.

Last October hackers began this series of attacks on the Brazilian bank, which lasted three months. So successful were the attacks that the hackers compromised the bank's entire online operations, taking control of all 36 domains, its corporate email and its DNS.

During the investigation carried out by Kaspersky Lab it became evident that this was not a ‘simple’ site hijack: the bank's website was delivering malware to every one of its visitors. The malware, according to the researchers, was a Java file hidden inside a .zip archive that was loaded from the site's index file.

Fabio Assolini, a Kaspersky Lab researcher investigating the attack, said that “All domains, including corporate domains, were in control of the bad guy.” He added that the attackers also had control of the corporate email infrastructure and shut it down, preventing the bank from informing customers of the attack.

The bad guys wanted to use that opportunity not only to hijack the operations of the bank itself but also to drop malware capable of stealing money from banks in other countries, said Dmitry Bestuzhev, one of the researchers.

The researchers also announced at the Security Analyst Summit this week that the same cyber attackers had extended their operations to nine other institutions worldwide.

Kevin Bocek, chief cyber-security strategist at Venafi, emphasised the importance of securing DNS infrastructure, because “Cybercriminals can now steal money by taking advantage of the one security measure every internet user has been trained to trust: the green padlock in web browsers. These padlocks are supposed to signify a trusted digital certificate is in use, but now bad actors can obtain them for free. This attack is part of a much larger problem that jeopardises the system of trust behind all digital commerce. Security professionals don’t understand the scale and scope of this problem and they don’t have the tools they need to control it.”
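What made the takeover described above so damaging is that the zone's delegation, address records and mail records all changed without anyone at the bank noticing until the phoney sites were live. The check a practitioner would want is a baseline diff run from an independent vantage point. The script below is an added example, not Kaspersky's or the bank's code; the zone name, nameservers, addresses (RFC 5737 documentation ranges) and the two snapshots are constructed so it runs offline. It flags the three indicators this incident involved: the NS/SOA delegation moving to unknown nameservers, A records pointing outside the organisation's own address space, and MX records vanishing (which is what cut the bank off from its customers).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class DnsSnapshot:
    """Answers observed for one zone: NS delegation, apex A records, MX, SOA MNAME."""
    ns: frozenset
    a: frozenset
    mx: frozenset
    soa_mname: str


# Known-good baseline captured while the zone was healthy (constructed sample data).
BASELINE = {
    "bank.example": DnsSnapshot(
        ns=frozenset({"ns1.bank.example.", "ns2.bank.example."}),
        a=frozenset({"203.0.113.10", "203.0.113.11"}),
        mx=frozenset({"mail.bank.example."}),
        soa_mname="ns1.bank.example.",
    ),
}

# Address space the organisation actually serves from (constructed; RFC 5737 range).
TRUSTED_RANGES = [ip_network("203.0.113.0/24")]


def check_domain(name, observed, baseline=BASELINE, trusted=TRUSTED_RANGES):
    """Diff an observed snapshot against the baseline; return (severity, message) findings."""
    base = baseline[name]
    findings = []
    # Delegation moving to nameservers we do not run is the takeover itself.
    if observed.ns != base.ns:
        findings.append(("critical", f"{name}: NS delegation changed to {sorted(observed.ns)}"))
    if observed.soa_mname != base.soa_mname:
        findings.append(("critical", f"{name}: SOA MNAME changed to {observed.soa_mname}"))
    # Any apex address outside our own ranges means visitors are being sent elsewhere.
    foreign = sorted(ip for ip in observed.a
                     if not any(ip_address(ip) in net for net in trusted))
    if foreign:
        findings.append(("critical", f"{name}: A records outside trusted ranges: {foreign}"))
    # Mail disappearing is how the bank lost the ability to warn its customers.
    if not observed.mx:
        findings.append(("high", f"{name}: MX records gone; inbound mail is dead"))
    elif observed.mx != base.mx:
        findings.append(("high", f"{name}: MX changed to {sorted(observed.mx)}"))
    return findings


def worst_severity(findings):
    """Collapse findings to a number a pager can threshold on: 0 clean, 1 high, 2 critical."""
    order = {"critical": 2, "high": 1}
    return max((order[sev] for sev, _ in findings), default=0)


# Constructed observations: a healthy poll and one taken during a takeover.
HEALTHY = DnsSnapshot(
    ns=frozenset({"ns1.bank.example.", "ns2.bank.example."}),
    a=frozenset({"203.0.113.11", "203.0.113.10"}),
    mx=frozenset({"mail.bank.example."}),
    soa_mname="ns1.bank.example.",
)
HIJACKED = DnsSnapshot(
    ns=frozenset({"ns1.attacker-dns.example.", "ns2.attacker-dns.example."}),
    a=frozenset({"198.51.100.7"}),
    mx=frozenset(),
    soa_mname="ns1.attacker-dns.example.",
)


if __name__ == "__main__":
    for label, snap in (("healthy", HEALTHY), ("hijacked", HIJACKED)):
        findings = check_domain("bank.example", snap)
        print(f"{label}: severity {worst_severity(findings)}")
        for sev, msg in findings:
            print(f"  [{sev}] {msg}")
```

In production the snapshots would come from resolvers outside the bank's own network (the attacker controls the answers inside a hijacked zone), polled on a schedule shorter than the records' TTLs, with the baseline updated only through a change-control step.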

2 thoughts on “How to take down DNS Infrastructure of Bank Easily. Find out how?”

  1. Hey there ! This is a great story !

    I do not share Kaspersky’s opinion about the padlock. The infosec industry trained people to check the presence of a padlock in their web browser, I do agree. How about the Organization Name? Does it stand next to the padlock? People are not informed (yet) about DV, OV nor EV certificates and what they are meant for.

    I hope this incident will be sufficient for the industry to take action.


    1. Thanks for your comment.
      According to new research, new phishing sites use secure SSL and therefore sport the padlock despite being illegitimate websites meant to steal information. An Extended Validation Certificate is a type of SSL certificate which is only used to display the verified company name along with the country ID in the browser address bar.

      EV (Extended Validation) is issued through a manual verification process, and a certificate authority accomplishes this task. That is why it is a bit costlier than other SSL certificates.
      The Extended Validation Certificate is issued to the following types of companies:

      Government Agencies
      Corporations
      General Partnerships
      Unincorporated Associations
      Sole Proprietorships

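The point made in the comment thread above, that the padlock says nothing about who is behind a site while the Organization Name does, can be turned into a check. The code below is an added example, not the commenter's or Kaspersky's code. It classifies a leaf certificate as DV, OV or EV from its subject fields and its certificatePolicies OIDs (the CA/Browser Forum OIDs 2.23.140.1.2.1, 2.23.140.1.2.2 and 2.23.140.1.1 for DV, OV and EV respectively), and compares the served certificate with what the bank is known to deploy. The two certificates are constructed: an EV certificate from a fictitious CA for the bank, and a DV certificate with a Let's Encrypt issuer for the same hostname, which is the shape the article describes. The dict layout mirrors what Python's `ssl.getpeercert()` returns; note that `getpeercert()` does not expose certificatePolicies, so in live use the policy OIDs have to be read from the DER with another tool (for example `openssl x509 -text`).

```python
import socket
import ssl

# CA/Browser Forum Baseline Requirements policy OIDs that state the validation level.
EV_OID = "2.23.140.1.1"
OV_OID = "2.23.140.1.2.2"
DV_OID = "2.23.140.1.2.1"


def subject_to_dict(name):
    """Flatten the ssl.getpeercert() name shape ((('countryName', 'BR'),), ...) into a dict."""
    out = {}
    for rdn in name:
        for key, value in rdn:
            out[key] = value
    return out


def classify(cert, policy_oids=()):
    """Return 'EV', 'OV' or 'DV' from the subject and the certificatePolicies OIDs."""
    subj = subject_to_dict(cert["subject"])
    if EV_OID in policy_oids and "organizationName" in subj:
        return "EV"
    if OV_OID in policy_oids or "organizationName" in subj:
        return "OV"
    # No organisation at all: only domain control was verified, which anyone can obtain.
    return "DV"


def assess(cert, policy_oids, expected_org, expected_issuers):
    """Compare a served certificate with the organisation and CAs the bank actually uses."""
    subj = subject_to_dict(cert["subject"])
    issuer = subject_to_dict(cert["issuer"])
    level = classify(cert, policy_oids)
    problems = []
    if level == "DV":
        problems.append("DV certificate: no verified organisation behind the padlock")
    if subj.get("organizationName") != expected_org:
        problems.append(f"subject O is {subj.get('organizationName')!r}, expected {expected_org!r}")
    if issuer.get("organizationName") not in expected_issuers:
        problems.append(f"issuer {issuer.get('organizationName')!r} is not a CA the bank uses")
    return level, problems


def fetch_peer_cert(host, port=443, timeout=5):
    """Live variant: fetch the leaf certificate in the dict shape used above (not run here)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed certificates (fictitious bank and CA; the hostname is an example name).
BANK_EV_CERT = {
    "subject": ((("countryName", "BR"),), (("organizationName", "Banco Exemplo S.A."),),
                (("commonName", "www.bank.example"),)),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example Trust CA"),),
               (("commonName", "Example Trust EV CA"),)),
}
BANK_EV_POLICIES = (EV_OID,)

PHISH_DV_CERT = {
    "subject": ((("commonName", "www.bank.example"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Let's Encrypt"),),
               (("commonName", "R3"),)),
}
PHISH_DV_POLICIES = (DV_OID,)

EXPECTED_ORG = "Banco Exemplo S.A."
EXPECTED_ISSUERS = {"Example Trust CA"}


if __name__ == "__main__":
    for label, cert, oids in (("bank", BANK_EV_CERT, BANK_EV_POLICIES),
                              ("phish", PHISH_DV_CERT, PHISH_DV_POLICIES)):
        level, problems = assess(cert, oids, EXPECTED_ORG, EXPECTED_ISSUERS)
        print(f"{label}: {level} {'OK' if not problems else ''}")
        for p in problems:
            print(f"  - {p}")
```

Both certificates would show the same padlock in a browser; the difference only appears when something, a monitoring job or a user who knows to look, checks the organisation behind it. Run against a hijacked zone, the issuer and subject mismatch is the tell, and it is visible in Certificate Transparency logs before a single customer is redirected.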
