Attackers Eye Online Banking

Thursday, February 13, 2014 @ 08:02 AM gHale


Attackers are taking aim at online bankers by exploiting vulnerabilities in home routers in order to hijack their DNS settings and lure users to fake bank websites — no matter what type of device they use.

Security researchers from Poland’s Computer Emergency Response Team (CERT Polska) discovered the breach.

Reports about the attacks first surfaced in late 2013 when iPhone users saw pages asking for their mobile transaction numbers (mTANs). This tactic resembled a ZeuS-like attack.

Cybercriminals hijacked the DNS settings of home routers and changed them to redirect online bankers to a phishing page. The malicious websites mimic the banks’ genuine sites. Everything looks normal to users, but there is no HTTPS indicator, and users might notice an unusual host name.

Vulnerabilities in home routers make DNS configuration susceptible to unauthorized remote modifications, said the CERT Polska experts.

The effects propagate to all users on the local network, regardless of hardware and system platform, provided they acquire their DNS configuration from the router. The e-banking pages, altered in transit by the man-in-the-middle, include JavaScript injects that trick users into giving up their usernames, passwords, and TANs.
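Because every client that takes its DNS configuration from the router inherits a changed setting, one client-side check is to audit the resolvers the machine was actually handed. The following Python sketch is an added example, not code from CERT Polska or from this article; the function names, the resolv.conf-style input and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 ranges: a resolver here sits on the LAN, usually the router itself.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_nameservers(resolv_text):
    """Return the nameserver addresses found in resolv.conf-style text."""
    servers = []
    for raw in resolv_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue                          # malformed address, skip it
    return servers

def audit_resolvers(resolv_text, expected):
    """Label each resolver 'expected', 'lan' or 'unexpected'.

    expected: resolver addresses the user knowingly relies on
    (ISP or chosen public resolvers); supplied by the caller.
    """
    allowed = {ipaddress.ip_address(a) for a in expected}
    report = {}
    for addr in parse_nameservers(resolv_text):
        if addr in allowed:
            verdict = "expected"
        elif addr.version == 4 and any(addr in net for net in LAN_NETS):
            verdict = "lan"          # router forwards; check its own DNS setting
        else:
            verdict = "unexpected"   # not chosen by the user: investigate
        report[str(addr)] = verdict
    return report

# Constructed sample input; all addresses are placeholders.
SAMPLE = """\
# handed out by DHCP (constructed example)
nameserver 192.168.1.1
nameserver 198.51.100.53
nameserver 203.0.113.7
"""
EXPECTED = ["198.51.100.53"]

if __name__ == "__main__":
    for server, verdict in audit_resolvers(SAMPLE, EXPECTED).items():
        print(f"{server:16} {verdict}")
```

A `lan` verdict only shows that the router answers DNS queries itself; the upstream servers it forwards to still have to be checked in the router's own configuration.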
