
Indian Banks Failing to Protect Their Cyber Security

 


In Thane, Maharashtra, unidentified fraudsters hacked the server of a cooperative bank and tampered with its data. According to police, the hackers allegedly siphoned off Rs. 1.51 crore from the Dombivli Nagarik Sahkari (DNS) Bank to various accounts on March 12.
 
Following the attack, a case has been registered against unidentified persons under section 420 (cheating and dishonestly inducing delivery of property) of the Indian Penal Code (IPC) and section 65 of the Information Technology Act at Manpada police station in the Kalyan division, which has started a probe into the incident in collaboration with Thane cyber police.
 
The incident draws attention to bank fraud, which has become deep-seated in the Indian financial system. In just over seven years, Indian banks have witnessed frauds surpassing $5 trillion, with total fraud loans amounting to Rs. 1.37 lakh crore in the last year alone.
 
Major scams such as the Punjab National Bank (PNB) scam (2018), the Cosmos Bank cyberattack (2018) and the Canara Bank ATM hack (2018), along with many vishing, phishing, ATM skimming and spamming attacks, have continued to plague Indian banks in recent years. As digital transactions have increased, fraud cases have also risen sharply. The techniques and countermeasures that banks employ to safeguard their customers' financial data and money have been met by progressively more sophisticated hacking techniques used by fraudsters in India.
 
John Maynard Keynes, after examining the condition of banking in India, said that banking in India should be conducted on the safest possible principles, calling India a "dangerous country for banking". The apprehension has proven prophetic in the modern era, as financial institutions that fail to conduct prudent banking have become the center of monetary scams. Reportedly, the State Bank of India (SBI), HDFC Bank and ICICI Bank accounted for the majority of the more than 50,000 fraud incidents recorded in the last 11 fiscal years.
 
Digitalization in India has led to the rise of 'digital money', and cashless transactions have been on a continual rise. Consequently, the protection of data and privacy becomes more important, as a fragile cybersecurity system can have serious repercussions for any bank's customer base.
 
Data breaches have emerged as a serious threat to the banking sector, which further amplifies the need for a robust banking system, since recovering from a breach and regaining control of a compromised server can be extremely stressful and time-consuming. To strengthen the evolution of the banking system, banks need to identify and plug the gaps in their security. Part of the problem can be attributed to the accelerated pace of digitization, which demands a matching level of investment in cyber hygiene.
 
Some of the viable measures banks can undertake include proactive security controls such as application whitelisting (which blocks unapproved programs and allows only a limited set of approved programs to run) and BIOS passwords (which prevent unauthorized access to systems and servers). Employee awareness, stringent filtering and regular communication with regional offices are among the other preventive measures advised by security experts.

Hackers Drained $120m From Badger Defi and $30m From MonoX

 

Two decentralized finance platforms, BadgerDAO and MonoX, suffered security breaches in two separate attacks in which hundreds of millions of dollars' worth of cryptocurrency was drained by threat actors.

BadgerDAO's security research team discovered its attack on 2 December, when a malicious group stole $120 million, while MonoX lost $31 million to unknown attackers on 30 November.

According to blockchain security and data analytics firm PeckShield, which is working with BadgerDAO to investigate the heist, the various tokens stolen in the attack are worth more than $120 million.

As soon as Badger learned of the unauthorized transfers, it paused all of its smart contracts, effectively freezing the platform, and warned its users to decline all transactions to the hackers' addresses.

The company has reported that it has “retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own.” 

MonoX, for its part, acknowledged the breach and explained in a blog post that it occurred after a group of hackers exploited a vulnerability in its smart contract software. Smart contracts are digital contracts stored on a blockchain that execute automatically when all of their terms and conditions are met.

The group of hackers is estimated to have stolen more than $30 million in funds, mostly MATIC and WETH. A "swap method was exploited and the price of the MONO token has risen to a new high", the company reported.

“The exploit was caused by a smart contract bug that allows the sold and bought token to be the same. In the case of the attack, it was our native MONO token. When a swap was taking place and tokenIn was the same as tokenOut, the transaction was permitted by the contract”, the company added.
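The bug MonoX describes is a missing input check: a swap whose sold and bought token are the same should never be accepted. The following is an added teaching model, not MonoX's contract code; the pool, its tokens and its pricing rule (selling a token into the pool lowers its stored price by 10%, buying it out raises it by 10%) are constructed for illustration. It shows why the guard matters: without it, a same-token swap returns the trader's own tokens while the second price write overwrites the first, so the stored price moves with no net token flow.

```python
class MiniPool:
    """Constructed single-sided pool: each token has one stored price.

    Pricing rule is assumed for illustration only (not MonoX's formula):
    selling a token lowers its price 10%, buying it raises its price 10%.
    """

    def __init__(self, prices):
        self.price = dict(prices)  # token symbol -> stored price in stable units

    def _quote(self, token_in, token_out, amount_in):
        # Both new prices are derived from the pre-swap state and written afterwards;
        # that two-write pattern is what a same-token swap abuses.
        value_in = amount_in * self.price[token_in]
        amount_out = value_in / self.price[token_out]
        new_price_in = self.price[token_in] * 0.9
        new_price_out = self.price[token_out] * 1.1
        return amount_out, new_price_in, new_price_out

    def swap_vulnerable(self, token_in, token_out, amount_in):
        # No check that token_in != token_out (the defect described in the post).
        amount_out, new_in, new_out = self._quote(token_in, token_out, amount_in)
        self.price[token_in] = new_in
        self.price[token_out] = new_out  # clobbers new_in when token_in == token_out
        return amount_out

    def swap_fixed(self, token_in, token_out, amount_in):
        # Hardened form: reject the sold and bought token being the same.
        if token_in == token_out:
            raise ValueError("tokenIn must differ from tokenOut")
        return self.swap_vulnerable(token_in, token_out, amount_in)


def demo():
    """Run the same same-token swap against both versions; return (price after
    vulnerable swap, price after fixed swap, whether the fixed swap rejected it)."""
    start = {"MONO": 1.0, "WETH": 4000.0}  # constructed sample prices
    vulnerable = MiniPool(start)
    vulnerable.swap_vulnerable("MONO", "MONO", 100.0)  # 100 MONO in, 100 MONO out
    fixed = MiniPool(start)
    try:
        fixed.swap_fixed("MONO", "MONO", 100.0)
        rejected = False
    except ValueError:
        rejected = True
    return vulnerable.price["MONO"], fixed.price["MONO"], rejected
```

`demo()` shows the vulnerable pool's MONO price rising 10% although the pool's token holdings are unchanged, while the fixed pool leaves the price untouched and refuses the swap.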

Igor Igamberdiev, an IT security researcher, broke down the stolen tokens as listed below and posted the list on his Twitter account.

1. 5.7M MATIC ($10.5M)
2. 3.9k WETH ($18.2M)
3. 36.1 WBTC ($2M)
4. 1.2k LINK ($31k)
5. 3.1k GHST ($9.1k)
6. 5.1M DUCK ($257k)
7. 4.1k MIM ($4.1k)
8. 274 IMX ($2k)

To Stay Under the Radar, Magecart Credit Card Skimmer Avoids VMs

 

A new Magecart threat actor is using a digital skimmer to steal payment card information from victims' browsers. It employs an unusual evasion technique that detects virtual machines (VMs), so that it only targets real victims and not security researchers. Researchers from Malwarebytes found the new campaign, which adds an extra in-browser check that tests the user's PC for VMs using the WebGL JavaScript API, according to a blog post published Wednesday.

It does so by determining whether the operating system's graphics driver is a software renderer used as a fallback for the hardware (GPU) renderer. The skimmer's script searches the reported renderer name for the words swiftshader, llvmpipe and VirtualBox. SwiftShader is the fallback renderer used by Google Chrome, and llvmpipe the one used by Firefox.
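A defender reviewing checkout-page scripts can flag this evasion pattern statically: a script that both queries the WebGL renderer name and tests it against the three software-renderer strings above. The scanner below is an added example, not Malwarebytes' code or the skimmer's; the two script fragments it runs over are constructed for the test, and the WebGL names used in them (the `WEBGL_debug_renderer_info` extension and its `UNMASKED_RENDERER_WEBGL` parameter) are the standard browser API for reading the renderer string.

```python
import re

# Constructed script fragments for exercising the rule (not the real skimmer).
SUSPECT = """
var c=document.createElement('canvas'),g=c.getContext('webgl');
var e=g.getExtension('WEBGL_debug_renderer_info');
var r=g.getParameter(e.UNMASKED_RENDERER_WEBGL).toLowerCase();
if(r.indexOf('swiftshader')!=-1||r.indexOf('llvmpipe')!=-1||r.indexOf('virtualbox')!=-1){return;}
"""
# A legitimate analytics snippet reads the renderer too, but never compares it
# against software-renderer names, so it must not be flagged as evasion.
BENIGN = """
var gl=canvas.getContext('webgl'),ext=gl.getExtension('WEBGL_debug_renderer_info');
stats.renderer=gl.getParameter(ext.UNMASKED_RENDERER_WEBGL);
"""

# Ways a script can read the renderer string through WebGL.
RENDERER_PROBE = re.compile(r"WEBGL_debug_renderer_info|UNMASKED_RENDERER_WEBGL")
# Fallback / VM renderer names named in the Malwarebytes write-up.
SOFTWARE_RENDERERS = ("swiftshader", "llvmpipe", "virtualbox")


def inspect_script(src):
    """Classify a script: 'vm-evasion' when it reads the WebGL renderer name and
    tests it against two or more software-renderer names, 'renderer-probe' when it
    only reads the name, 'clean' otherwise."""
    lower = src.lower()
    probes = bool(RENDERER_PROBE.search(src))
    names = [n for n in SOFTWARE_RENDERERS if n in lower]
    if probes and len(names) >= 2:
        verdict = "vm-evasion"
    elif probes:
        verdict = "renderer-probe"
    else:
        verdict = "clean"
    return {"probes_renderer": probes, "software_renderers": names, "verdict": verdict}


def scan_all(scripts):
    """Map each script label to its verdict, for a batch of page scripts."""
    return {label: inspect_script(src)["verdict"] for label, src in scripts.items()}
```

Run `scan_all({"checkout.js": SUSPECT, "stats.js": BENIGN})` to see the suspect fragment flagged as vm-evasion while the analytics snippet is only reported as a renderer probe.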

 “By performing this in-browser check, the threat actor can exclude researchers and sandboxes and only allow real victims to be targeted by the skimmer,” Malwarebytes Head of Threat Intelligence Jérôme Segura wrote in the post. 

Magecart is an umbrella term for various threat groups that infect e-commerce websites with card-skimming scripts on checkout pages in order to steal money and personal information from customers. Because security researchers are so familiar with their activities, these groups are always seeking new and inventive ways to avoid detection.

The most common evasion technique, according to Segura, is detecting the VMs used by security researchers and by sandboxing solutions intended to pick up Magecart activity. "It is more rare to see the detection of virtual machines via the browser for web-based attacks," he said. Threat actors typically filter targets based on geolocation and user-agent strings, according to Segura.

Researchers found that if the machine passes the check, the exfiltration of personal data proceeds as normal. The customer's name, address, email, phone number and credit card details are all scraped by the skimmer. "It also collects any password (many online stores allow customers to register an account), the browser's user-agent, and a unique user ID. The data is then encoded and exfiltrated to the same host via a single POST request," said Segura.

To help consumers avoid being targeted and compromised by the campaign, Malwarebytes has released the skimmer code as well as a thorough list of indicators of compromise in its post.

Decentralized Finance (Defi) Protocol Akropolis Hacked For $2 Million In DAI

 


Decentralized finance (defi) protocol Akropolis was recently hacked for $2 million in DAI in the latest flash loan attack to hit the 'nascent defi industry'.
When the attack occurred (GMT timezone), Akropolis admins stopped all transactions on the platform to forestall further losses. In a statement on Nov. 12, Akropolis revealed that the hack was executed across a set of smart contracts in its "savings pools".

The attacker drained the platform's Ycurve pool in batches of $50,000 in the stablecoin DAI. This pool lets investors trade stablecoins and earn interest.

Although Akropolis says it engaged two firms to investigate the incident, unfortunately neither company was able to pinpoint the attack vectors used in the exploit.

“At ~14:36 GMT we noticed a discrepancy in the APYs of our stablecoin pools and identified that ~2.0mn DAI had been drained out of the Ycurve and sUSD pools,” revealed Akropolis. 

The hacker was nonetheless able to find loopholes to exploit, wiring the 'loot' to this address. Akropolis further clarified: "The attack vectors used in the exploit were not identified in either audit. The essence of the exploit in question is a combination of a re-entrancy attack with Dydx flash loan origination."

Flash loan attacks have become rather common against cryptocurrency services running DeFi (decentralized finance) platforms, which let users 'borrow or lend using cryptocurrency, speculate on price variations, and earn interest on cryptocurrency savings-like accounts.'

These attacks have been on a steady rise since early February this year, and one of the biggest flash loan attacks occurred just a month ago, in October, when hackers stole $24 million worth of cryptocurrency assets from DeFi service Harvest Finance.

Other pools were fortunately not affected. These included compound DAI, compound USDC, AAVE sUSD, AAVE bUSD, curve bUSD and curve sBTC. The native AKRO and ADEL staking pools were also left untouched.

Nonetheless, the Akropolis team said it is still looking for ways to repay affected users "in a way that is sustainable for the project". All stablecoin pools have been put on hold for now, it added.

Hackers steal money from cards through the Uber and VTB applications


Anna Kozlova, a Russian resident on holiday in Spain, lost 14 thousand rubles ($220). The money was stolen from her VTB Bank card through the bank's mobile app and Uber.

At first, 2 rubles were charged to the card, which looked like Uber's standard check that a customer's card is valid, especially since the money was immediately returned to the account.

Immediately afterwards, however, 2829 rubles were debited from the card. The app's notification said it was a fee for an Uber ride, which Anna had not taken since she was asleep.
According to the tourist, notifications then began to arrive one after another. After 22 minutes, when she woke up, she blocked her card, but by then the cost of four more trips she had not made had been debited from it.

The unknown perpetrators stole 14,118 rubles from Kozlova and kept trying to withdraw money from her account even after the card was blocked. Curiously, all the debits were attributed to the international Uber service, which in Russia has merged with Yandex.Taxi.

When Anna contacted the company's support team, the staff could not give her any information about the debits. VTB's support service clarified that the last debits had been made from Moscow, so Anna then appealed to Uber Russia.

The Russian company explained to Kozlova that if she had not used a taxi, someone must have obtained her bank card details, including the CVV code, and used them for payment.
Kaspersky Lab experts explained that fraud schemes run through taxi services are no longer uncommon.

According to them, there are channels in messaging apps where one can order a taxi at a large discount. The scheme works roughly as follows: the passenger sends a message to such a channel with the details of the trip, and the attacker orders a taxi using a stolen account.

After the trip, the driver is paid from the account of the stolen account's owner, while the passenger transfers money directly to the attacker. To remain unnoticed for as long as possible, attackers may track the owner of a hacked account on social networks and arrange such trips at night, when the person is likely to be asleep, or while the victim is travelling abroad.