Wednesday April 05, 2017

How Hackers Hijacked a Bank’s Entire Online Operation

At the Security Analyst Summit yesterday, Kaspersky Lab researchers announced the results of a deep dive into the top-to-bottom compromise of a Brazilian bank's online presence. Last October, for a weekend, hackers took control of the bank's DNS account and hijacked all 36 of its domains, redirecting them to perfect copies of the bank's sites and harvesting users' information in the process.

For some reason Kaspersky isn't releasing the name of the bank that was targeted, but in reviewing Brazilian news, it appears they are talking about Banrisul. (Unless you speak Portuguese, bring your Google translator.) You heard it here first, folks, at least in English.

"Absolutely all of the bank’s online operations were under the attackers’ control for five to six hours," says Dmitry Bestuzhev, one of the Kaspersky researchers who analyzed the attack in real time after seeing malware infecting customers from what appeared to be the bank’s fully valid domain. From the hackers’ point of view, as Bestuzhev puts it, the DNS attack meant that "you become the bank. Everything belongs to you now."
