Friday, July 22, 2011

DNS Cache Poisoning Attack Hits Santander Bank In Brazil

Man-in-the-middle attacks have started to emerge as the attack class of choice for sophisticated hackers, as many institutions have begun implementing preventative measures against phishing and pharming attacks by adopting one-time password generators.

DNS cache poisoning attacks are not so common yet, and reported cases of them hitting banks are even rarer. Santander Bank's Brazilian branch just got hit by such an attack. The hackers managed to hijack the DNS servers that resolve the santander.com.br website and replace the site with a visually perfect copy in order to harvest customer credentials and passwords. The only giveaway to users would have been if they glanced at the URL address bar in the browser and noticed that it was HTTP instead of HTTPS, a fact that the majority of users would have overlooked.

So it might be too early to pronounce the death of one-time passwords for most user authentication purposes, but they are definitely passé and old hat for banking security. Banks will have to adopt challenge-response and transaction data signing as hackers continue to innovate on all fronts and develop more attacks in the man-in-the-middle class, ranging from man-in-the-phone and man-in-the-browser to browser poisoning and the aforementioned DNS cache poisoning.
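The contrast drawn above between one-time passwords and transaction data signing, shown as an added example (not code from the original post or from any bank): the bank-side check of a one-time password never looks at the transaction, while a challenge-response signature over the payee and amount fails as soon as either is changed in transit. The HMAC construction, field encoding, function names, payees and amounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets


def hotp(key: bytes, counter: int) -> str:
    """One-time password (RFC 4226 truncation): depends only on key and counter."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 1_000_000:06d}"


def encode_tx(challenge: bytes, payee: str, amount_cents: int) -> bytes:
    """Length-prefix each field so no two transactions share an encoding."""
    fields = [challenge, payee.encode(), str(amount_cents).encode()]
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def sign_tx(key: bytes, challenge: bytes, payee: str, amount_cents: int) -> str:
    """Response computed by the customer's device over the details it displays."""
    msg = encode_tx(challenge, payee, amount_cents)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:10]


def bank_accepts_otp(key, counter, code, received_tx) -> bool:
    # received_tx plays no part in the check: the code is valid for any transaction.
    return hmac.compare_digest(code, hotp(key, counter))


def bank_accepts_signed(key, challenge, response, received_tx) -> bool:
    # The bank recomputes the response over the transaction it actually received.
    payee, amount_cents = received_tx
    return hmac.compare_digest(response, sign_tx(key, challenge, payee, amount_cents))


def demo() -> dict:
    key, challenge = secrets.token_bytes(20), secrets.token_bytes(8)
    intended = ("ACME Utilities", 15_000)   # constructed: what the customer approved
    altered = ("Unknown Payee", 950_000)    # constructed: what reaches the bank after tampering
    code = hotp(key, 1)
    response = sign_tx(key, challenge, *intended)
    return {
        "otp_intended": bank_accepts_otp(key, 1, code, intended),
        "otp_altered": bank_accepts_otp(key, 1, code, altered),
        "signed_intended": bank_accepts_signed(key, challenge, response, intended),
        "signed_altered": bank_accepts_signed(key, challenge, response, altered),
    }


if __name__ == "__main__":
    print(demo())
```

The signature only protects the customer if the signing device displays the payee and amount independently of the possibly compromised browser session.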

2 comments:

  1. The threats to information systems from criminals and terrorists are increasing. Many organisations will identify information as an area of their operation that needs to be protected as part of their system of internal control. Although, the most terrible thing is that no one is immune to data threats. My only advice is to use VDR for secure file sharing. You can help yourself in finding more info here: virtual data room reviews

  2. There are numerous motivations to why a security monitor is wanted to a police authority; To start with, assurance is one of the essential purposes for employing these gatekeepers. With a security monitor, the decision is dependably staring us in the face whom to pick and what number of to pick, it is the decision made by the person who employs a protect. have a peek at this web-site
