DNS Cache Poisoning Targets Brazilian Bank

(WEB HOST INDUSTRY REVIEW) — In what could be the first documented Domain Name System (DNS) cache poisoning attack on a major financial institution, Brazilian bank Banco Bradesco (www.bradesco.com.br) was successfully attacked, with users redirected to a phony Bradesco server where the impostors could steal their passwords.

According to Brazilian news site Globo.com, a recursive DNS server from Brazilian ISP Virtua (www.virtuabrasil.com.br) that hosted Bradesco was the target of cache poisoning, which changed the IP addresses that users received, causing Bradesco’s website and Google AdSense account to redirect users to malicious sites where scammers could steal users’ personal data and install Trojan viruses.

In an eWeek article, Security Center editor Larry Seltzer pointed out that this attack shows the potential for DNS cache poisoning attacks to leave end users helpless. Seltzer said the only real way to prevent these attacks is to use DNSSEC, which uses public key encryption to authenticate the sources of DNS results.

Even with legislation poised to pressure change in Washington, DNSSEC will take many years and resources to implement, and hackers will likely find new ways to infiltrate banks by then. In Brazil and elsewhere, however, DNS software vulnerabilities remain a threat to users, according to Seltzer.

“I’m more inclined to believe that Brazil is the canary in coal mine here,” Seltzer wrote. “The bad guys in this business have a habit of picking up on what works. It’s unlikely that DNSSEC will ride to our rescue before we start getting attacks like this back home.”
