Details have emerged of how attackers managed to take over the entire DNS infrastructure of a Brazilian bank in order to rob its customers.
Having hijacked the bank's DNS, the cyber thieves were able to point all 36 of the bank's domains at phoney websites, and by obtaining certificates for those domains from Let's Encrypt they made the fake sites appear legitimate, so unsuspecting users would give away their details.
Last October hackers began a series of attacks on the Brazilian bank that lasted three months. So successful were the attacks that the hackers compromised the bank's entire online operations, taking control of all 36 domains, corporate email and DNS.
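The takeover described above leaves two traces a defender can watch for: the nameservers and addresses answering for the bank's domains change, and a certificate for those domains appears from a CA the bank does not use (a domain-validated CA such as Let's Encrypt issues to whoever controls the domain's DNS or web server at validation time). The following Python is an added example, not Kaspersky's or the bank's tooling: it compares a constructed DNS baseline against a constructed set of observed answers, and screens constructed Certificate Transparency entries against an issuer allow-list. Every domain name, address, CA name and log entry in it is made up.

```python
"""Drift checks for DNS delegation and certificate issuance.

Added example, not the bank's or Kaspersky's tooling. Every domain,
nameserver, address, CA name and CT entry below is constructed; a real
deployment would feed in live resolver answers and Certificate
Transparency log results instead.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsRecords:
    ns: frozenset  # authoritative nameserver hostnames
    a: frozenset   # A records of the public web front end


# Known-good state recorded by the domain owner (constructed).
BASELINE = {
    "example-bank.test": DnsRecords(
        frozenset({"ns1.example-bank.test", "ns2.example-bank.test"}),
        frozenset({"203.0.113.10", "203.0.113.11"})),
    "example-bank-cards.test": DnsRecords(
        frozenset({"ns1.example-bank.test", "ns2.example-bank.test"}),
        frozenset({"203.0.113.20"})),
    "example-bank-corp.test": DnsRecords(
        frozenset({"ns1.example-bank.test", "ns2.example-bank.test"}),
        frozenset({"203.0.113.30"})),
}

# Answers from a scheduled resolver poll (constructed). The first domain's
# delegation and address have moved to infrastructure the bank does not own;
# the third returned no answer at all.
OBSERVED = {
    "example-bank.test": DnsRecords(
        frozenset({"ns1.hosting-reseller.test", "ns2.hosting-reseller.test"}),
        frozenset({"198.51.100.77"})),
    "example-bank-cards.test": BASELINE["example-bank-cards.test"],
}

# The CA the bank actually buys from (hypothetical name).
ALLOWED_ISSUERS = {"Example Corporate CA"}

# Constructed Certificate Transparency entries: SAN list plus issuer.
CT_ENTRIES = [
    {"names": ["www.example-bank.test", "example-bank.test"],
     "issuer": "Let's Encrypt", "not_before": "2016-10-22T14:03:00Z"},
    {"names": ["example-bank-cards.test"],
     "issuer": "Example Corporate CA", "not_before": "2016-06-01T09:00:00Z"},
    {"names": ["*.example-bank-corp.test"],
     "issuer": "Let's Encrypt", "not_before": "2016-10-22T14:05:00Z"},
    {"names": ["unrelated.test"],
     "issuer": "Let's Encrypt", "not_before": "2016-10-22T15:00:00Z"},
]


def dns_drift(baseline, observed):
    """Return {domain: [findings]} for domains whose NS or A set differs
    from the baseline, or that produced no answer."""
    findings = {}
    for domain, expected in baseline.items():
        seen = observed.get(domain)
        problems = []
        if seen is None:
            problems.append("no answer")
        else:
            if seen.ns != expected.ns:
                problems.append(f"NS changed: {sorted(seen.ns)}")
            if seen.a != expected.a:
                problems.append(f"A changed: {sorted(seen.a)}")
        if problems:
            findings[domain] = problems
    return findings


def monitored_parent(name, monitored):
    """Map a SAN (possibly a wildcard or subdomain) to the monitored
    registrable domain it falls under, or None if it is not ours."""
    host = name[2:] if name.startswith("*.") else name
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in monitored:
            return candidate
    return None


def unexpected_certs(ct_entries, monitored, allowed_issuers):
    """Return one record per (certificate, monitored domain) where the
    certificate was issued by a CA outside the allow-list."""
    hits = []
    for entry in ct_entries:
        if entry["issuer"] in allowed_issuers:
            continue
        domains = {monitored_parent(n, monitored) for n in entry["names"]}
        for domain in sorted(d for d in domains if d):
            hits.append({"domain": domain, "issuer": entry["issuer"],
                         "names": entry["names"],
                         "not_before": entry["not_before"]})
    return hits


if __name__ == "__main__":
    for domain, problems in dns_drift(BASELINE, OBSERVED).items():
        print(f"DNS  {domain}: {'; '.join(problems)}")
    for hit in unexpected_certs(CT_ENTRIES, set(BASELINE), ALLOWED_ISSUERS):
        print(f"CERT {hit['domain']}: issued by {hit['issuer']} "
              f"at {hit['not_before']} for {hit['names']}")
```

In practice the observed records should come from resolvers outside the organisation's own network, since an attacker who controls the DNS can also control what internal systems see, and the CT screen should treat any issuer outside the allow-list as an alert to investigate rather than as proof of compromise, because legitimate teams do sometimes request certificates from an unexpected CA.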
Fabio Assolini, a Kaspersky Lab researcher investigating the attack, said that “All domains, including corporate domains, were in control of the bad guy.” He added that the attackers also had control of the corporate email infrastructure and shut it down, preventing the bank from informing customers of the attack.
Assolini said the bank in question operates 500 branches in Brazil, the US, Argentina and Grand Cayman. It is a large bank with 5 million customers and $25 billion in assets under its control.
During Kaspersky Lab's investigation it became evident that the bank's website was delivering malware to every visitor; this was not a ‘simple’ site hijack. The malware, according to the researchers, was a Java file hidden inside a .zip archive that had been loaded into the site's index file.
“The bad guys wanted to use that opportunity to hijack operations of the original bank but also drop malware with the capacity to steal money from banks of other countries,” Dmitry Bestuzhev, one of the researchers, said.
The researchers also announced at the Security Analyst Summit this week that the same attackers had extended their operations to nine other institutions worldwide.
Kevin Bocek, chief cyber-security strategist at Venafi emphasised the importance of securing DNS infrastructure, because “Cybercriminals can now steal money by taking advantage of the one security measure every internet user has been trained to trust: the green padlock in web browsers. These padlocks are supposed to signify a trusted digital certificate is in use, but now bad actors can obtain them for free. This attack is part of a much larger problem that jeopardises the system of trust behind all digital commerce. Security professionals don’t understand the scale and scope of this problem and they don’t have the tools they need to control it.”