This Month's Einstein Award

Discussion in 'other security issues & news' started by hawki, Apr 21, 2016.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    "Bangladesh Bank exposed to hackers by cheap switches, no firewall ..."

    "Bangladesh's central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world's biggest cyber heists said...."

    http://www.reuters.com/article/us-usa-fed-bangladesh-idUSKCN0XI1UO
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,075
    So basically every grandma and grandpa has better network security than their central bank...

    @hawki: your avatar shows great reaction to this news :)
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,075
    Second-Hand Switches, No Firewall, Custom Malware Facilitated Bank Cyber-Heist
    http://news.softpedia.com/news/seco...are-facilitated-bank-cyber-heist-503388.shtml
     
  4. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    "Malware attacks on two banks have links with 2014 Sony Pictures hack

    Security researchers have found a long chain of coding coincidences linking attempted fraud over the SWIFT network to the 2014 Sony Pictures hack"

    http://www.pcworld.com/article/3069...-2014-sony-pictures-hack.html#tk.rss_security

    "Security researchers at BAE Systems believe the same hackers who breached Sony Pictures in 2014 were involved in the $81m heist from Bangladesh Bank."

    http://www.zdnet.com/article/sony-2014-breach-linked-to-81m-bangladesh-bank-cyber-heist/

    If indeed a North Korea-sponsored unit was responsible for the Sony attack, as many believe, this has terrifying implications. North Korea sniffing out an economic weapon of mass destruction.
     
    Last edited: May 13, 2016
  5. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    "Is North Korea behind the £81m Bangladesh bank cyber-heist?"

    "....The BAE report, titled Cyber Heist Attribution, claims what initially appeared to be an isolated attack against one bank has turned out to be larger in scope than previously thought...

    ..according to BAE, other malware similarities exist in the Bangladesh hack example, including with the encryption keys used and a number of names of programming elements known as "mutual exclusion objects". "The links come through the code, which bears the hallmarks of a single, consistent coder," said Adrian Nish, BAE's head of threat intelligence.

    The malware analysed that links the two incidents is called "msoutc.exe" and, according to BAE, matches the strain described by a US CERT alert in 2015 which warned about malware used in the Sony cyber-hit..."

    http://www.ibtimes.co.uk/north-korea-behind-81m-bangladesh-bank-cyber-heist-1559949
     
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    "..In both cases Swift said insiders or cyber attackers had succeeded in penetrating the targeted banks’ systems, obtaining user credentials and submitting fraudulent Swift messages that correspond with transfers of money...

    In the second case SWIFT said attackers had also used a kind of malware called a “Trojan PDF reader” to manipulate PDF reports confirming the messages in order to hide their tracks..."

    https://www.theguardian.com/technol...it-by-sophisticated-malware-attack-says-swift

    The attack vector in the second attack was a PDF Reader used by the customer to check its statement messages.

    http://www.cnet.com/uk/news/cyber-t...acking-same-swift-financial-messaging-system/

    "“The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks –- knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both.”

    http://www.bloomberg.com/news/artic...-hacker-attack-on-bank-after-bangladesh-heist
     
    Last edited: May 13, 2016
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,075
    Swift Is Hacked Again. The Bitcoin/Blockchain Fat Lady Sings.
    http://seekingalpha.com/article/3975082-swift-hacked-bitcoin-blockchain-fat-lady-sings

     
  8. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    https://blogs.mcafee.com/mcafee-labs/attacks-swift-banking-system-benefit-insider-knowledge/
     
  9. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
  10. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
Loading...