[Cryptography] phishing attack again - $300m in losses?
Jim Gettys
jg at freedesktop.org
Mon Feb 16 10:15:55 EST 2015
On Sun, Feb 15, 2015 at 9:45 AM, ianG <iang at iang.org> wrote:
> http://mobile.nytimes.com/2015/02/15/world/bank-hackers-
> steal-millions-via-malware.html?_r=0
>
> "In many ways, this hack began like any other. The cybercriminals sent
> their victims infected emails — a news clip or message that appeared to
> come from a colleague — as bait. When the bank employees clicked on the
> email, they inadvertently downloaded malicious code. That allowed the
> hackers to crawl across a bank’s network until they found employees who
> administered the cash transfer systems or remotely connected A.T.M.s. "
>
>
>
I have to wonder whether the scale of banking losses going on due to home
router DNS attacks may be much larger than
directly
breaking into the banks
in that article
, but since they are much more distributed, harder to detect.
See:
http://securelist.com/blog/research/57776/the-tale-of-one-thousand-and-one-dsl-modems/
Lest you think: "It's Brazil, and DSL, and doesn't apply to me", there are
reports of similar attacks on cable routers in the U.S. We just don't know
the scale (yet). We do know the scale was 4.5 million routers just in
Brazil 2-3 years ago...
- Jim
"Friends don't let friends run factory firmware."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150216/9336be32/attachment.html>
More information about the cryptography
mailing list