Cybercriminals took over the online operations of a major bank for five hours one day, intercepting all of its online banking, mobile, point-of-sale, ATM, and investment transactions. The attack relied on valid SSL/TLS certificates and on Google Cloud hosting for the phony bank infrastructure: the attackers obtained certificates for their impostor servers from Let's Encrypt, a legitimate HTTPS certificate authority, so customers who logged into their online accounts were redirected to the phony systems without any browser warning. The weak point was the bank's domain registration rather than a flaw such as CSRF in the bank's own web application: the bank had not enabled the two-factor authentication option offered by Registro.br, its registrar, so an attacker who obtained the account credentials could take over the bank's DNS records and point every customer at infrastructure the attacker controlled. Whoever controls a zone can pass domain validation at any public CA, which is why the Let's Encrypt certificates were valid.

This was a major bank heist: the bank has $25 billion in assets, 5 million customers worldwide, and 500 branches in Brazil, Argentina, the US, and the Cayman Islands. According to the article, many more banks are at risk: most banks in Latin America rely on a third-party DNS provider for their infrastructure, and at least half of the top 20 largest banks in the world use DNS providers for some or all of their DNS infrastructure. Registrar and DNS-provider accounts are therefore part of a bank's authentication perimeter, and beyond enabling 2FA on them, a bank should watch for drift in its published DNS records and for certificates issued for its domains by CAs it does not use.
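The two detective controls just mentioned, comparing the DNS records the world sees against a known-good baseline and flagging Certificate Transparency entries from unapproved issuers, can be reduced to a small checker. The following is an added example, not code from the article or from any bank; the domain name `bank.example`, the nameserver names, the RFC 5737 documentation IPs, the issuer strings, and the "clean" and "hijacked" observations are all constructed so the block runs offline. In production the observations would come from resolving NS and A records from several external vantage points and from a CT log monitor.

```python
"""Detect registrar/DNS hijacking symptoms: NS or A record drift and
certificates for our domains from CAs we never use.

Added example with constructed data; domain names, IPs and issuers are
hypothetical and chosen from documentation ranges.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class Finding:
    domain: str
    kind: str      # "ns_drift", "a_drift" or "unexpected_cert"
    detail: str


@dataclass
class Baseline:
    nameservers: Set[str]             # NS names the registrar should list for the zone
    a_records: Dict[str, Set[str]]    # hostname -> IPs it is allowed to resolve to
    approved_issuers: Set[str]        # CAs the organisation actually obtains certs from


def _norm(name: str) -> str:
    """Lower-case and strip the trailing dot so 'NS1.X.' and 'ns1.x' compare equal."""
    return name.lower().rstrip(".")


def check_dns(domain: str, observed_ns: Iterable[str],
              observed_a: Dict[str, Iterable[str]], baseline: Baseline) -> List[Finding]:
    """Compare what resolvers currently return with the baseline for the zone."""
    findings: List[Finding] = []
    ns = {_norm(n) for n in observed_ns}
    expected_ns = {_norm(n) for n in baseline.nameservers}
    if ns != expected_ns:
        # A changed NS set is the signature of a registrar-account takeover:
        # the whole zone now lives on servers the attacker controls.
        findings.append(Finding(domain, "ns_drift",
                                f"expected {sorted(expected_ns)}, got {sorted(ns)}"))
    for host, ips in observed_a.items():
        allowed = baseline.a_records.get(_norm(host))
        if allowed is None:
            findings.append(Finding(domain, "a_drift", f"{host}: no baseline for this host"))
            continue
        rogue = set(ips) - allowed
        if rogue:
            findings.append(Finding(domain, "a_drift", f"{host}: unexpected {sorted(rogue)}"))
    return findings


def check_ct(domain: str, ct_entries: Iterable[Dict[str, object]],
             baseline: Baseline) -> List[Finding]:
    """Flag CT log entries covering our domain whose issuer is not on the approved list."""
    findings: List[Finding] = []
    suffix = "." + domain
    for entry in ct_entries:
        sans = [_norm(s) for s in entry["sans"]]
        if not any(s == domain or s.endswith(suffix) for s in sans):
            continue  # certificate is for someone else's names
        if entry["issuer"] not in baseline.approved_issuers:
            findings.append(Finding(domain, "unexpected_cert",
                                    f"{entry['issuer']} issued {sans} on {entry['not_before']}"))
    return findings


# --- constructed sample data -------------------------------------------------
BANK_DOMAIN = "bank.example"  # hypothetical bank domain
BASELINE = Baseline(
    nameservers={"ns1.dnsprovider.example", "ns2.dnsprovider.example"},
    a_records={"www.bank.example": {"203.0.113.10", "203.0.113.11"},
               "ib.bank.example": {"203.0.113.20"}},
    approved_issuers={"Example Commercial CA"},
)

# Before the hijack: resolvers agree with the baseline.
CLEAN_OBSERVATION = {
    "ns": ["ns1.dnsprovider.example.", "NS2.dnsprovider.example."],
    "a": {"www.bank.example": ["203.0.113.10"], "ib.bank.example": ["203.0.113.20"]},
}

# During the hijack: the registrar account has been used to repoint the zone.
HIJACKED_OBSERVATION = {
    "ns": ["ns1.attacker-hosting.example.", "ns2.attacker-hosting.example."],
    "a": {"www.bank.example": ["198.51.100.7"], "ib.bank.example": ["198.51.100.7"]},
}

# Constructed CT entries: the bank's own cert, a cert from a CA the bank never
# uses, and a cert for an unrelated domain that must be ignored.
CT_ENTRIES = [
    {"issuer": "Example Commercial CA", "sans": ["www.bank.example", "ib.bank.example"],
     "not_before": "2016-01-15"},
    {"issuer": "Let's Encrypt", "sans": ["www.bank.example", "ib.bank.example"],
     "not_before": "2016-10-20"},
    {"issuer": "Let's Encrypt", "sans": ["unrelated.example"], "not_before": "2016-10-21"},
]


def run_checks(observation: Dict[str, object], ct_entries: Iterable[Dict[str, object]]) -> List[Finding]:
    """Run both checks for the monitored domain and return every finding."""
    return (check_dns(BANK_DOMAIN, observation["ns"], observation["a"], BASELINE)
            + check_ct(BANK_DOMAIN, ct_entries, BASELINE))


if __name__ == "__main__":
    for f in run_checks(HIJACKED_OBSERVATION, CT_ENTRIES):
        print(f"[{f.kind}] {f.domain}: {f.detail}")
```

Run against the hijacked observation the checker reports the NS change, both repointed hosts and the foreign certificate, while the clean observation produces no DNS findings at all. The CT check is the one that would have fired first in the incident described above, because domain-validated certificates must be logged before browsers trust them, whereas NS drift only becomes visible once the registrar change has propagated; neither replaces enabling two-factor authentication on the registrar account, which is the preventive control.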