Experts from Securonix and Secure Channels commented tonight on Brian Krebs’ report that the St. Louis Federal Reserve today sent a message to the banks it serves alerting them that in late April 2015 attackers succeeded in hijacking the domain name servers for the institution. The attack redirected Web searches and queries for those seeking a variety of domains run by the government entity to a Web page set up by the attackers in an apparent bid by cybercrooks to hijack online communications of banks and other entities dealing with the regional Fed office.
Igor Baikalov, Chief Scientist, Securonix (www.securonix.com)
“Unless hackers were really into some serious economic research, the likely target of this attack was not the FRB data, but rather the users of this data. Attackers could have harvested credentials on the spoofed pages (hoping for password reuse on other, more sensitive websites), or implanted malware for later access to the user computer. There’s not much the affected users can do to protect themselves: as the statement noted, changing password is a good idea; scanning user computer with updated anti-virus signatures might also help to detect malware. St. Louis Fed has to closely monitor affected applications for any anomalies in access and user behavior to detect potential intruders and prevent them from using the Fed’s systems as a stepping stone for other attacks, similar to the State Department hack.”
Stewart Draper, Director of Insider Threat, Securonix (www.securonix.com)
“There has been a rise in DNS style attacks from hacktivist and cyber crime groups of the course of the last 6 months. I think this target was selected by an opportunistic group that saw a vulnerability they could exploit. They likely allowed the exploitable system to remain while they created fake websites for those institutes connected to them in hopes of conducting further reconnaissance on financial institutes. I think once you begin redirecting traffic, your cover is blown so malicious malware will be difficult to keep on a system that could have been infected. I would imagine routing tables, communicating DNS systems from other financial institutions, would be a good starting point in data collection for these criminals.”
Richard Blech, CEO, Secure Channels (www.securechannels.com):
“This is an example of potential thieves tricking the customers of the banks whose web traffic they redirected into entering their personal information into a similar looking site. This practice is known as phishing. If the actual banks’ websites had used an authentication system that is not able to be reproduced on the phishers’ site or only accepted encrypted data input from an actual customer, the customer’s account would be safe as the phisher would be not able to reproduce the format of the encrypted data it accepts. We cannot ignore this potential for disaster. Hackers are playing with the Federal Reserve the ramifications of such a breach could be enormous and have dramatic effects on the economy.”
Links:
- http://krebsonsecurity.com/201
5/05/st-louis-federal-reserve- suffers-dns-breach/ - http://www.securonix.com
- http://www.linkedin.com/in/pau
labrici - http://www.avast.com/
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.