Submitted via IRC for SoyCow1984
Hackers Use Compromised Banks as Starting Points for Phishing Attacks
Cybercriminals attacking banks and financial organizations use their foothold in a compromised infrastructure to gain access to similar targets in other regions or countries.
In a report released today and shared with BleepingComputer, international security company Group-IB, specialized in preventing cyber attacks, describes a so-called cross-border domino-effect that can lead to spreading an infection beyond the initial target. The report is based on information from incident response work conducted in 2018 by the company's team of computer forensics experts.
The incident response activities at various financial institutions revealed that in some cases the attacker used their access to send emails to other banks and payment systems.
"So the threat actor definitely carried out attacks beyond its initial targets," a company representative told us.
(Score: 4, Informative) by bzipitidoo on Saturday February 23 2019, @05:46PM (2 children)
I've seen enough bad email messages from banks that leave me doubting they have any clue at all about online security. They're full of links, for customer convenience of course. But to me, that screams that it is an attack. Once or twice I even called to make sure an email that looked suspicious really was from the bank. I am pretty cautious about following links in emails, as that's exactly what the attackers want. "Click here to log into your account." Yeah, right. Admittedly, manually typing the link into the URL bar is not 100% guaranteed either, but it's a whole lot safer than clicking a mystery link in an email.
Other parties bear some blame for the situation. Browsers and email clients don't exactly make it easy to tell spoofed links from real ones, though they have gotten better. The design of HTML's anchor tag, <A>, which allows the displayed text to have no relationship whatsoever to the URL, turned out to be a big mistake. For that matter, the design of the URL naming system leaves much to be desired. Heck, even the web designers admitted the "//:" was unnecessarily verbose. As for JavaScript, when you need more security, best just to turn it off. And if the bank's site can't work without JavaScript, maybe you ought to change banks.
(Score: 0) by Anonymous Coward on Saturday February 23 2019, @10:43PM
IT in the adult world is not giving cause for embarrassment relative to your peers. For banks, that means following whatever recommendations a recognized board of experts puts out, such as password requirements, aging, security questions etc.
Though I prefer my encoded answers to security questions over having to use Google 2FA.
(Score: 2) by Pino P on Sunday February 24 2019, @03:47PM
Let's say I want to establish a bank account. These are among the requirements:
Last I checked, depositing cash or checks required the use of an ATM or branch, and deposits were less likely than withdrawals to work at a different bank's ATM network.
How likely is it that a banker in any branch of a bank with local ATMs will be familiar with whether or not the bank's website requires script? And even if some bankers are technical enough to understand this (or at least knowledgeable enough to forward your question to the right person), how likely is it that at least one local bank will work without script?