United States payment processing companies were targeted by BGP hijacking attacks on their DNS servers. These Internet routing attacks were designed to redirect traffic directed at the payment processors to servers controlled by malicious actors who would then attempt to steal the data. On three separate dates in July, Oracle has stated that they saw what appeared to be BGP hijacks that targeted the DNS servers for U.S. payment processors Datawire, Vantiv, or Mercury Payment Systems. According to Oracle, the first attack started on July 6th 2018 with a short duration attack that attempted to reroute the following network prefixes, or blocks of IP addresses. These attacks were targeting the Vantiv and Datawire payment processing companies.
Tim Helming, Director of Product Management at DomainTools:
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.