The Federal Reserve Bank of St. Louis confirmed that hackers hijacked its domain name servers in April, and warned of a potential data breach as well as exposure to malware.
In a statement, the St. Louis Fed informed those who use the bank's public economic data and analysis tools that it discovered the breach in late April. That's when attackers succeeded in hijacking the domain name servers for the institution.
The attack redirected Web searches and queries for those seeking a variety of domains run by the government entity to a Web page set up by the attackers in an apparent bid to hijack online communications of banks and other entities dealing with the regional Fed office.
The NCUA website was targeted by hackers in March, who also set up a fake site that used design elements from the NCUA's site. The government's Internet Crime Complaint Center issued a warning about the practice in early April.
“As is common with these kinds of D.N.S. attacks, users who were redirected to one of these phony websites may have been unknowingly exposed to vulnerabilities that the hackers may have put there, such as phishing, malware and access to user names and passwords,” the agency said in a statement.
In the original notice first reported by Krebs on Security, the St. Louis Fed said it was made aware that on April 24, 2015, computer hackers manipulated routing settings at a domain name service (DNS) vendor used by the St. Louis Fed to automatically redirect some of the Bank's web traffic that day to rogue web pages created to simulate the look of the St. Louis Fed's research.stlouisfed.org website. This included web pages for FRED, FRASER, GeoFRED and ALFRED.
According to the Federal Reserve, GeoFRED allows authorized users to create, customize, and share geographical maps of data found in FRED. ALFRED, short for ArchivaL Federal Reserve Economic Data, allows users to retrieve vintage versions of economic data that were available on specific dates in history.
The St. Louis Fed's own website was not compromised.
The St. Louis Federal Reserve is one of 12 regional Fed organizations, and serves banks located in all of Arkansas and portions of six other states: Illinois, Indiana, Kentucky, Mississippi, Missouri and Tennessee. According to the reserve's Web site, it also serves most of eastern Missouri and southern Illinois.
Motivation for the attack is unknown but some speculate political activism against U.S. monetary policy.
“Attacks against the Federal Reserve banking system and its users won't be taken lightly by the Secret Service. You can expect a deep and thorough investigation,” Dave Jevans, CTO of Marble Security, a Menlo Park, Calif.-based mobile threat intelligence and defense firm, and chairman of the Anti-Phishing Working Group (APWG), said. “[It is a] great way to phish the passwords and email addresses of bankers and currency traders. Since people reuse passwords this is a ready font of juicy data to attack all users of the Fed's data.”
“These are indeed fairly common occurrences. For one, hijacking DNS is a 'good' way of reaching a sizable pool of victims to steal credentials from, to infect, or both,” Erik de Jong, a security researcher at Netherlands-based Fox-IT, a global threat intelligence firm to financial institutions, said.
“Without more evidence – such as whether the phishing websites were stealing credentials, serving malware, or both – it remains tough to draw definitive conclusions,” de Jong added. “Assessing the potential pool of victims might give you an idea about the motive, although that is, of course, not always clear-cut.”
Recent research sponsored by KnowBe4 shows email phishing attacks are now the number one source of data breaches with human error at the core. The study shows 67% of respondents say malware penetrated their corporate networks through email, with web surfing a close second at 63%. Another 23% say malware has infiltrated their networks but they still don't know how. The latest Verizon report shows that approximately 23% of recipients click on a phishing email. Recovering from such a tactic, even if backup works, can take hours or days.