Search This Blog

Showing posts with label Bank Hacking. Show all posts

Anonymous Plan to Release 35,000 Documents, Targeting Russia's Central Bank

 

Hackers stole $31 million ($2 billion) from Russian Central Bank client accounts, but officials were able to recover $26 million ($1.66 billion) of the assets, according to the bank in a report issued, originally reported by Reuters.

On Thursday, a Twitter account linked to the hacker-activist organization Anonymous claimed Russia's central bank had been hacked and that 35,000 files on "secret deals" will be revealed within 48 hours. 

The report does not say how Russian Central Bank officials detected the breach, but they did so in time to freeze some of the funds while they were being transferred between bank accounts to avoid being traced. 

Anonymous is a loosely organized organization of hackers from all over the world which has been active since at least 2008 when it targeted the Church of Scientology. It then shifted to 'hacktivism,' in which it targeted governments and corporations over key concerns. Members are known to wear Guy Fawkes masks and conceal one's voices with voice changers or text-to-speech tools. 

The gang does not appear to have a clearly defined hierarchy or set of regulations, making it difficult to credit cyber operations effectively. Since before the Russian invasion, Ukraine's government, army, and banks had been subjected to Russian-sponsored cyber attacks. Mykhailo Fedorov, Ukraine's Minister of Digital Transformation, told the press the main purpose of these attacks is to destabilize the country, stir panic, and create anarchy. 

The incident is similar to one that occurred earlier this year when hackers attempted to steal over $1 billion from the Bangladesh Central Bank but only succeeded in stealing $81 million. The majority of the funds were sent to Philippine casinos. The Bangladesh Central Bank has so far been able to retrieve $18 million in stolen funds. 

The study by the Russian Central Bank came on the same day the FSB (Federal Security Service) issued a warning about foreign intelligence services may try to destabilize Russia's financial system by spreading rumors of a false crisis, fake news about bank collapses, SMS alerts, and cyber-attacks. 

The FSB claimed its agents discovered servers held by a Ukrainian web hosting company in the Netherlands which were supposed to be utilized in the alleged campaign. Officials from the FSB said they were prepared to take any steps necessary to fight the danger.

DDoS Assaults on Ukrainian Banking Elite has Resumed Yet Again


Cyberattacks took down Ukrainian official and bank websites, prompting the government to declare a statewide state of emergency amid growing fears that Russian President Vladimir Putin could launch a full-scale military invasion of Ukraine. The websites of Privatbank (Ukraine's largest bank) and Oschadbank (the State Savings Bank) were also blasted in the onslaught and brought down Ukrainian government sites as well, according to Internet monitor NetBlocks. 

"At around 4 p.m., another massive DDoS attack on the state commenced. We have relevant data from several banks," stated Mykhailo Fedorov, Minister of Digital Transformation, who also mentioned the parliament website had been hacked. Hackers were prepared to conduct big attacks on government organizations, banks, and the defense sector, as Ukrainian authorities said earlier this week. 

SSSCIP and other national cybersecurity authorities in Ukraine are currently "working on countering the assaults, gathering and evaluating information." According to the Computer Emergency Response Team of Ukraine (CERT-UA), the attackers used DDoS-as-a-Service platforms and numerous bot networks, including Mirai and Meris, to carry out the DDoS attacks on February 15th. The DDoS attacks were traced to Russia's Main Directorate of the General Staff of the Armed Forces on the same day, according to the White House. 

"We have technical information indicating ties the Russian main intelligence directorate, or GRU," Deputy National Security Advisor for Cyber Anne Neuberger stated. "Known GRU infrastructure was spotted delivering huge volumes of communication to Ukraine-based IP addresses and domains." 

Neuberger went on to say as, despite the "limited impact," the strikes can be considered as "setting the framework" for more disruptive attacks, which could coincide with a possible invasion of Ukraine's territory. 

The UK government also blamed Russian GRU hackers for the DDoS strikes last week which targeted Ukrainian military and state-owned bank websites. Following a press release from Ukraine's Security Service (SSU), which also had its website hacked, the country was attacked by a "huge wave of hybrid warfare." The SSU announced earlier this month so, during January 2022, it stopped over 120 cyberattacks aimed at Ukrainian governmental entities.

Cyberattack Disrupts the Services of National Bank of Pakistan

 

The National Bank of Pakistan (NBP) suffered a cyberattack last week that disrupted its services for three days. Hackers targeted a section of the computer system at the National Bank used for controlling the bank’s ATM network and mobile apps.

Arif Usman, NBP President confirmed the cyber-attack in which the attackers failed to gain access to the NBP’s main servers, though they did take control of some of the computers running Microsoft’s software. 

While the attack disrupted some of the systems, no funds were reported missing, according to the bank and people familiar with the attack and the current investigation.

"In the late hours of the October 29 and early morning of October 30, a cyberattack on the NBP's servers was detected which impacted some of its servers. Immediate steps were taken to isolate the affected systems. NBP’s teams supported by top specialists worked over the last 48 hours to resolve the issue,” the bank said in a statement stated. 

Due to inaccurate reporting by local news outlets, some scared customers rushed to ATMs to withdraw funds on Monday morning. The Pakistani government had to step in and issue a statement in order to calm spirits and prevent a run on all Pakistani banks. 

Pakistani security researcher Rafay Baloch shared a screenshot on Twitter earlier today claiming to portray one of the affected NBP systems. The screenshot showed a Windows computer failing to start due to a missing boot configuration file error.

Fortunately, more than 1,000 branches are opened and are working smoothly catered, the bank said in a statement on Monday. Additionally, all ATMs nationwide had been fully restored.

Earlier this year, Pakistan’s Federal Board of Revenue (FBR) database also suffered a cyberattack. Minister Shaukat Tarin informed the National Assembly that FBR portals were subjected to 71,000 cyberattacks every month on average. 

“The government needs to develop a framework and risk mitigation guidelines where a minimum level of cyber threat deterrence is maintained by country’s critical infrastructure institutions which include the banks. Pakistan should introduce industry-specific regulatory compliance that requires financial institutions to implement sufficient information security protections,” cyber security expert Haroon Ali stated.

Analysts Warn of Telegram Powered Bots Stealing Bank OTPs

 

In the past few years, two-factor verification is one of the simplest ways for users to safeguard their accounts. It has now become a major target for threat actors. As per Intel 471, a cybersecurity firm, it has observed a rise in services that allow threat actors to hack OTP (one time password) tokens. Intel 471 saw all these services since June which operate via a Telegram bot or provide assistance to customers via a Telegram channel. Through these assistance channels, users mostly share their feats while using this bot and often walk away thousand dollars from target accounts. 

Recently, threat actors have been providing access to services that call victims, which on the surface, looks like a genuine call from a bank and then fool victims into providing an OTP or other authentication code into a smartphone to steal and give the codes to the provider. Few services also attack other famous financial services or social media platforms, giving SIM swapping and e-mail phishing services. According to experts, a bot known as SMSRanger, is very easy to use. With one slash command, a user can enable various modes and scripts targeted towards banks and payment apps like Google Pay, Apple Pay, PayPal, or a wireless carrier. 

When the victim's phone number has been entered, the rest of the work is carried out by the bot, allowing access to the victim's account that has been attacked. The bot's success rate is around 80%, given the victims respond to the call and provides correct information. BloodOTPBot, a bot similar to SMSRanger sends the user a fake OTP code via message. In this case, the hacker has to spoof the target's phone number and appear like a company or bank agent. After this, the bot tries to get the authentication code with the help of social engineering tricks. 

The bot sends the code to the operator after the target receives the OTP and types it on the phone keyboard. A third bot, known as SMS buster, however, requires more effort from the attacker for retrieving out information. The bot has a feature where it fakes a call to make it look like a real call from a bank, and allows hackers to contact from any phone number. The hacker could follow a script to fake the victim into giving personal details like ATM pin, CVV, and OTP.

Vulnerabilities in bank chatbots allow hackers to steal money

Awillix specialists discovered vulnerabilities in bank chatbots that could allow fraudsters to transfer money without the knowledge of customers. Positive Technologies confirmed the risks. The largest banks reported that they limit the functionality of chatbots in messengers. 

It should be noted that about 10% of Russian banks use chatbots: they can be used in messengers, mobile applications, social networks, on the website and in the contact center.

Alexander Gerasimov, Director of Information Security at Awillix, said that chatbots in messengers, which are used for individual account transactions, may be vulnerable to malicious attacks.

The company's specialists checked the security of chatbots in two Russian credit organizations and found similar logical vulnerabilities. They allow obtaining the number and expiration date of cards, as well as finding out the account balance and cell phone number of the client.

"During the pentests, it was possible to log into the test client's account and perform a money transfer operation," Alexander Gerasimov said.

Maxim Kostikov, head of the banking systems security research group at Positive Technologies, confirmed that chatbots can be subject to various vulnerabilities, which depend on their functionality. For example, security problems can allow you to get customer data, get into their personal accounts in the chatbot, and find out the card balance.

According to him, the most popular scenarios of deception are changing the functionality of the chatbot to collect information about the person who uses it, sending malicious software on behalf of a credit institution, replacing the robot with a fraudster during communication, creating fake chatbots of banks. 

"If a person uses a bank chatbot, which is able to make money transfers in the messenger, two-factor authentication can be configured to log into the application to protect funds," stressed Infosystems Jet expert, adding that there is also a danger in cases when an attacker gained direct access to the victim's device physically or as a result of a malicious attack.

United States Issues Alert on North Korean Threat Actors Finding Better Ways to Rob Banks


The Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Treasury Department, the FBI, and U.S. Cyber Command issued a joint warning on August 26th, alerting that North Korean hackers have reopened their campaign of targeting banks across the globe by making fraudulent transactions and ATM cash-outs.

The threat actors have made a systematic effort to attack financial institutions worldwide. They employ bold methods that do not guarantee a 100% success rate. However, these North Korean hackers have manipulated the ways in which some of the largest financial institutions interact with the international banking system. They dupe components of the system into making their hackers seem to be legitimate users; it allows them to transfer tens of millions of dollars into their accounts.

As these hackers continually intruded into bank transaction records and log files, financial institutions were prompted to release security alerts and necessary upgrades to counter and hence limit the threat. In haste to acquire valuable user data for ransom, these hackers have tampered hundreds of thousands of machines across the globe.

Notably, the attackers derived value from their failures and have amended their modus operandi in order to be more effective in their operations and fraudulent campaigns which can be seen in the $81 dollar theft from a Bangladeshi bank carried out by them in 2016. Other instances of their most profitable operations include attacking 30 countries in one single incident of fraudulent ATM cash-outs.

The alert came up with an “overview of North Korea’s extensive, global cyber-enabled bank robbery scheme, a short profile of the group responsible for this activity, in-depth technical analysis, and detection and mitigation recommendations to counter this ongoing threat to the Financial Services sector.”

These attackers’ “international robbery scheme” poses a “severe operational risk” for individual banks beyond reputational harm and financial losses. A robbery directed at one bank may implicate multiple banks “in both the theft and the flow of illicit funds back to North Korea,” as per the alert.

They “initially targeted switch applications at individual banks with FASTCash malware but, more recently, have targeted at least two regional interbank payment processors,” the alert states, cautioning that this suggests the hackers “are exploring upstream opportunities in the payments ecosystem.” The alert further warned.

Kaspersky Lab recorded an increase in attacks by Russian hackers on banks in Africa


Kaspersky Lab recorded a wave of targeted attacks on major banks in several Tropical African countries in 2020. It is assumed that the attacks are made by the Russian-speaking hacker group Silence.

According to the company's leading anti-virus expert, Sergey Golovanov, "hundreds and sometimes thousands of attempts to attack the infrastructure of banks in Africa are blocked every day."
According to Kaspersky Lab, the hacker group Silence has already penetrated the internal network of

African financial organizations, and the attacks are "in the final stages".
During the attack, hackers could gain access to a large amount of confidential data that can be used in the future, said Golovanov.

At the end of August 2019, Group IB calculated the amount of theft from banks by the group of Russian-speaking hackers The Silence. From June 2016 to June 2019, the amount of damage amounted to about 272 million rubles ($4.2 million). Hackers infected financial institutions in more than 30 countries in Asia, Europe and the CIS.

According to Kaspersky Lab, Silence attacks financial organizations around the world with phishing emails containing malicious files, often on behalf of real employees of organizations. Viruses use administrative tools, study the internal infrastructure of banks, and then attackers steal money (including through ATMs).

The director of the Positive Technologies security expert center, Alexei Novikov believes that Silence did not increase activity at the beginning of 2020, and attacks outside of Russia and the CIS countries are uncharacteristic for them.

Recall that in October, Group-IB reported five hacker groups that threaten Russian banks: Cobalt, Silence, MoneyTaker, Lazarus and SilentCards. According to the founder of Group-IB, "it is curious that three of the five groups (Cobalt, Silence, MoneyTaker) are Russian-speaking, but over the last year Cobalt and Silence began to attack banks mainly outside Russia".

Hackers sell data of 80 thousand cards of customers of the Bank of Kazakhstan


An announcement about the sale of an archive of stolen data from 80,000 Halyk Bank credit cards appeared on the Darknet's site Migalki.pw.

It should be noted that Halyk Bank of Kazakhstan is the first Bank in the country in terms of the number of clients and accumulated assets. This is not the first time for a Bank when data has been compromised.

The fact that the archive consists only of Halyk Bank cards suggests that the cards were stolen inside the structure.

Typically, identifiers of stolen cards are obtained using MitM attacks (Man in the middle). While the victim believes that he is working directly, for example, with the website of his Bank, the traffic passes through the smart host of the attacker, which thus receives all the data sent by the user (username, password, PIN, etc.).

It is possible that the archive is not real. This may be a bait for potential carders created by the Bank, the so-called honey pot. This trap for hackers creates an alleged vulnerability in the server which can attract the attention of attackers and inspire them to attack. And the honeypot will see how they work, write down the information and pass it to the cybersecurity department.

Although, such actions are risky for the image of a financial institution, as any Bank tries to avoid such negative publicity.

It is important to note that all data leaks from the Bank is the personal fault of the owners, managers of the Bank. In Russia and in Kazakhstan, in case of data leakage, the bank at best publishes a press release stating that "the situation is under control". However, banks in the US and Europe in the same situation receive a huge fine.

Insider Threat : Employees of Russian banks are massively recruited to get data


In Russia, there are 73 services that recruit insiders in Russian banks. This information was shared by Darknet researcher Anton Staver.

"Many groups providing such services is due to the amount of work that falls on them," explained Staver. According to the researcher, services that recruit Bank employees receive up to 50 orders a day, which is enough for the existence of an entire industry.

The expert said that customers of such data are usually competitors of banks, jealous spouses of customers, as well as hackers and scammers. Scammers often asked to choose a list of victims with the big account balance. At the same time, according to Staver, recruitment is most often “carried out by specialized structures”.

The expert noted that recruiters receive from customers about 15 thousand rubles ($240) for one employee of the Bank. During the work, the recruiter receives the search criteria, after which the client receives the contacts of the necessary person in Telegram or Jabber. It takes about 5-7 days to search for an insider.

Pavel Krylov, who runs a company specializing in the investigation of cybercrime, agrees with the research data. "Fraudulent schemes using personal data are now successful and effective, so attackers are actively looking for insiders in banks," said the expert. He also noted that various criminal groups taking advantage of theft and withdrawal options use schemes with recruitment for monetization.

The cost of recruitment ranges from 7 thousand to 100 thousand rubles ($112-$1600) and depends on the complexity of the task. If the security service of the Bank works effectively, the price will be much higher. Employees are usually hired through social networks, instant messengers, personal contacts, LinkedIn.

Capital One Data Breach, Hacker gets Access to 100 Million Accounts


A massive data breach to Capital One servers compromised the personal details of an estimated 106 million bank customers and applicants across Canada and the US.

The suspected hacker, Paige Thompson, 33, has been arrested by FBI on Monday. She has shared details about the data breach on a GitHub page earlier in April, according to the criminal complaints.

Thompson broke into a Capital One server and illegally acquired access to customers' names, addresses, credit limit, contact numbers, balances, credit score, and other related data.

According to the documents, the 33-year-old, Seattle resident gained access to 80,000 bank account numbers, 1 million Canadian Social Insurance numbers, and 140,000 Social Security numbers.

Thompson who had previously worked with Amazon Web Services as a software engineer was able to access the data by exploiting a misconfigured web application firewall in company's infrastructure, as per a court filing.

Despite the magnitude of the breach, "no credit card account numbers or log-in credentials were compromised and over 99% of Social Security numbers were not compromised," the company told.

Expressing concern over the matter, Chairman Richard Fairbank, said, "While I am grateful that he perpetrator has been aught, I am deeply sorry for what has happened.

"I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right," he assured.

Meanwhile, the company is notifying the victims and aiding them with identity protection and free credit monitoring.



Hackers made Bank clients debtors - Large-scale data breach occurred in Russia



On June 8-9, Alfa-Bank was attacked for several hours, as a result of which the stolen funds appeared on the accounts of random customers of the credit institution.

Some clients of the Bank received amounts from 10 to 15 thousand rubles ($ 155-235). Many of them quickly spent this easy money.

However, immediately after the payment, Alfa-Bank clients were charged amounts two to three times more than the fraudsters sent. They formed an overdraft or a short-term loan.

Alfa-Bank solved the problem with hacking within a few hours, and clients of Bank are obliged to return the money that came from hackers in full amount. However, there were no official comments from Alfa-Bank.

Experts said that such a fraud can be done only with access to the Bank's system. Therefore, the security service is looking for fraud among its employees.

It is worth noting that on June 9, the Russian newspaper Kommersant reported the leakage of personal data of 900 thousand clients of Alfa-Bank, OTP Bank and Home Credit Bank in Russia. According to the published material, the names, phone numbers (mobile, home and work), address and place of works, passport data of almost 900 thousand Russians including 55 thousand customers of Alfa-Bank were publicly available on the Internet, as well as balances on the accounts of clients of Alfa-Bank limited to a range of 130-160 thousand rubles.

The company DevicеLock found the leaks. They occurred at the end of May, the data were collected a few years ago, but a significant part of the information is still relevant. Moreover, DeviceLock discovered two customer databases of Alfa-Bank: one contains data on more than 55 thousand customers from 2014-2015, the second contains 504 records from 2018-2019.

An interesting fact is that one of the databases of clients of Alfa-Bank contains data on about 500 employees of the Ministry of Internal Affairs and about 40 people from the FSB (the Federal Security Service).

The Press Service of Alfa Bank said that at the moment they are checking the accuracy and relevance of information.

Russian hacker convicted of hacking a payment system and stealing from ATMs


The court of the Saratov region found guilty a local resident who hacked and gained access to the website of the Omsk company collecting utility payments.

A 19-year-old hacker was accused under the article "unauthorized access to computer information." Employees of the Federal Security Service of Russia in the Omsk region found and detained him.

Omsk investigators found that in the autumn of 2017 the defendant hacked into the payment system using special software from his home computer. The system was intended to make online payment of utilities.

As a result, the hacker was able to gain access to user personal accounts. After copying all the information, he contacted representatives of the Service and offered for a fee to provide information about the way to fix the vulnerability in the security system.

The court found him guilty and sentenced him to twelve months for unauthorized access to computer information.

At the same time in Krasnoyarsk, it turned out that the hacker group hacked the management system of ATMs using special devices.

According to Irina Volk, the official representative of the Ministry of Internal Affairs of Russia, a criminal group of three men aged 24 to 57 years committed 27 crimes from October 2017 to February 2018. However, at the time of the arrest, the defendants were involved in 8 similar crimes, the total amount of damage was 15 million rubles. So, the number of crimes and damage has doubled for today.

Hackers worked at night, used software to disable the security system then opened payment terminals.

Criminals were detained by the police when committing another theft. During searches, police seized the computer equipment, tools and two expensive cars bought on the stolen money.

Hackers are waiting in custody the verdict of the court. They are charged under six articles.

25 million rubles disappeared from the IT Bank, again hacker group Silence?






On February 12, it became known that on February 7 a hacker attack was committed on the IT Bank of the Russian city Omsk. Hackers stole 25 million rubles. Experts suggest that this may be the group Silence.


Recall that Silence is a group of Russian-speaking hackers, the first activity was recorded in 2016. Hackers specialize in targeted attacks on Banks, sending phishing emails with malicious attachments.

The experts were not surprised that the Bank could not withstand the attack, as The Bank's management allocated too little money for security. According to the Bank's reports on the official website of the Central Bank, the annual spending on communication services, telecommunications and information systems for three years amounted to about 2 million rubles.

According to Alexey Novikov, the Director of the expert center for security at Positive Technologies, hacking is small and for an insufficiently protected organization can be an intermediate step before an attack on another, larger company.

The Central Bank commented that they were working on the problem of information security in credit and financial institutions.
The management of IT Bank refused to comment but assured that the customers did not suffer.

Two financial institutions investigating hacks, customer data may have been leaked


Bank of Montreal (BMO) and CIBC-owned Simplii Financial on Monday revealed that data of thousands of customers may have been breached in recent hacks on Canada’s two of the largest financial institutions.

The banks warned that “fraudsters” may have accessed some customer accounts.

Simplii Financial, which is CIBC’s direct banking brand, revealed that data from 40,000 client accounts may have been electronically accessed by fraudsters. BMO similarly said that it received a tip on Sunday that claimed the confidential information of “a limited number of customers” had been accessed.

Simplii said that it has “implemented additional online security measures”, which include online fraud monitoring and online banking security measures.

“We’re taking this claim seriously and have taken action to further enhance our monitoring and security procedures,” said Michael Martin, senior vice president of Simplii Financial, in a statement. “We feel that it is important to inform clients so that they can also take additional steps to safeguard their information.”

BMO said the hack appeared to have originated outside Canada. The tipsters, in BMO’s case, were reportedly the hackers themselves.

"We took steps immediately when the incident occurred and we are confident that exposures identified related to customer data have been closed off," BMO said. "We have notified and are working with relevant authorities as we continue to assess the situation. We are proactively contacting those customers that may have been impacted and we will support and stand by them."

"If a client is a victim of fraud because of this issue, we will return 100 per cent of the money lost from the affected bank account," a press release by Simplii said, adding that there is no indication that clients who bank through CIBC have been affected.

The bank also told customers to send any suspicious correspondence to fraud@simplii.com.

Dutch Tax Authority and Banks Face DDoS Attacks

The national tax office in the Netherlands and several of the country’s largest banks were hit by a distributed denial-of-service (DDoS) attack on Monday.

The tax office said that its website had gone down for 5-10 minutes after the attack.

ABM Amro, ING, and Rabobank are some of the major banks affected by the DDoS attack which disrupted online and mobile banking services over the weekend.

The attacks led to banks’ services being down for hours at a time.

"We are now working on an alternative access route to the site, it is not yet possible to say how long this will take," Rabobank said.

"Since the big DDoS attack on ING in 2013, everything seemed to be in order. There is now clearly something we need to respond to, and we are discussing this with the banks," a spokesperson from the Dutch central bank, DNB, had to say.

Spokesperson for the Tax Authority, André Karels said that no data had been leaked and that the attack is under investigation by the National Cybersecurity Services.

DDoS attacks work to bring down websites by sending a lot of traffic to one server at the same time. While such attacks itself cannot cause a breach in networks or data to be leaked, they are often used as distractions by hackers trying to penetrate a network.

DDOS, APT attacks on Corporate and Banks


With spate of Distributed denial of service attacks and APT attacks on Banks and corporates, Anti DDOS mitigation vendors and ISP are joining together to fight the menace of DDOS attacks.

A few vendors work with ISP to mitigate the threat, working on putting up monitoring agents on every ISP(hardware box) which is connected to mitigation cloud.
A Bank official told on conditions of anonymity "ISP quickly responds to DDOS attack and mitigates for the customer. But comes to them with a Fat Proposal. Customers need to pay a standard amount ever year to get a protection.  In addition to this amount, they have to pay extra money every time they get hit.  The billing can run into lakhs for banks/corporate who take DDOS mitigation."
Another bank official confided that they have asked for a standard quote per year(ISPs are yet to respond).

Smaller vendors cannot tackle DDOS attacks. It has to be anti ddos companies with ISP which can handle this.

Some corporate and Banks are going in for a solution - They place their main websites and Mobile portal behind a Cloud Based WAF/Anti DDOS mitigation service. At the corporate end, they have a firewall and IPS making sure that no direct connection from the Internet is possible to their ISP Pipe. Does this solve the problem is yet to be seen.

"Advanced Persistent threat are followed by DDOS attacks, this is done to to erase any tracks of compromise on firewall, router, Intrusion Prevention Systems" says J Prasanna, Director, Cyber Security & Privacy Foundation Pte Ltd, a singapore based Cyber security certification organization.

The corporate/Banks are seeing only the DDOS and putting DDOS mitigation in place. It has to be checked to see if there is any compromise on data, criminal compromise from banks/corporate. The criminals could have gained access to the data or network and remain stealth for a long time", says Mr. Sreeram, Director, AVS Labs Pte Ltd, Singapore(organization which does consulting and services on cyber security).

The main problem for organizations is there are many vulnerabilities on systems which are undetected for a long period of time. The vulnerabilities could remain on the application software code written by software programmers or it could be in operating system, networks and other critical system level application. The black hat hackers(APT attackers) could exploits these vulnerabilities generally called 0-day vulnerability which could be used to enter into the systems.

Most of these organization need a "0-Day Vulnerability Assessment & Penetration Testing" and "APT Analysis" to find any Security breach". Normally not every one can do this because you need the best talents on board like "bounty hunters" who do vulnerability finding for fortune 500 companies. But that is no it - " Most bug bounty hunters cant find beyond web vulnerabilities", These auditors/assessors need the 0 day exploits and also knowledge of how APT attacks work. Most organization which perform regular Vulnerability Assessment and Penetration testing and even who do ISO 270001 certification implementation don't have capability to handle Zero-day or APT assessments.

Is a corporate with ISO 270001 standard implementation safe? A quite survey taken for 25 organizations show that almost all had standards implemented and they all experienced data theft. Some of corporate CISOs don't want to accept APT attacks, most of this information of compromise never reaches the management.

All the attacks happened at technical level, because of poor technical controls or products like antivirus/firewall/intrusion prevention not doing what they said they will do.

Do we still trust the ISO270001 implemented in corporate or the products they are using inside to save our data!

Distributed Denial of Service(DDOS) attacks

A well-known Indian security news portal was targeted on May 21st morning by a DDOS attack. 2 hours before the attack the company tweeted "NSA planned to hijack Google App Store and plant malware on all Android Apps" and provided a news link. Whether the DDoS attack and this tweet are connected is an interesting speculation.

But the larger and more critical question is the vulnerability of digital assets. One would naturally assume that they had a robust defensive strategy in place. But, the DDoS attack which has brought down the portal suggests otherwise.

There has been series of hack and DDOS attacks on major corporate, Telecommunication and net banking portals.

“Today the digital assets of a knowledge or service based company has more value than its tangible physical assets. It’s imperative that they think beyond ready made security tools from the market and move towards employing security professionals who can provide customized security audit. “ says J.Prasanna of Cyber Security and Privacy Foundation.

"Even going to the police will be of not much help since these attacks are sophisticated and originate from different geographies. Very few have the forensics capability to make a credible case in a court." says SreeRam, the Police KravMaga instructor who is also part of a singapore based security company.

Both agree that … “with India's increasing clout in world trade and balance of power tilting gradually towards Asia, asymmetric warfare tactics like cyber terrorism will be relied more frequently to dent the credibility of the nation. As on date, India does not seem to have the aggressive posture as a deterrent.”

Hackers steal $450K from City of Gold Bar Bank Accounts

security breach

Over the past year, Hackers have managed to break into bank accounts belong to the City of Gold Bar and stole $450,000.

According to HeraldNet's report, the city has recovered about $230,000 of the $450,000 taken. They’re currently working with the Bank to recover the rest of it.

The security breach came to light on November 2011 when someone tried unsuccessfully to pass fake checks from city accounts.They immediately contacted law enforcement and the state Auditor's Office.

At the time, they closed out that bank account and opened others, but hackers managed to gain access to the new account as well.

"It was a very knowledgeable group of people," Mayor Joe Beavers said. "They really whacked up on us hard."



Nigeria Bank Finbank Site Hacked and defaced By Hitcher

Nigeria Bank Finbank Site Hacked and defaced By Hitcher. He just upload a newhitcher.html file to the Website.

About FinBank:
Offers a wide range of banking products and financial services to corporate and retail customers through a variety of delivery channels, specialized subsidiaries and affiliates in the areas of Investment Banking, Retail Banking and Private Banking. We provide services covering financial institutions, sovereign and multinational organizations by originating, selling, structuring debt instruments, foreign exchange and money market products

Hacked Site:
http://www.finbank.com.ng/newhitcher.html


Mirror of Defacement:
http://legend-h.org/mirror/224188/finbank.com.ng/newhitcher.html