• nucleative@lemmy.world · 3 points · edited · 29 days ago

    This is a funny article and kind of reads like the reporter just discovered the “hacker” community. Is it a scare piece for uninformed readers?

    They highlight a social media post where some cybercriminal is selling username/password lists for crypto.

    I don’t know if it’s common knowledge or maybe I hang out in weird places, but there’s a whole lot more of this on the internet, and there has been for as long as I can remember.

    The reporter goes on to allude - although doesn’t say exactly - that the accounts require 2FA at the banks to grant access so they aren’t actually compromised.

    But then the reporter goes on to say the usernames and passwords might give “initial access” which is bad, but didn’t really explain what that is.

    I guess the real news is that these credentials were stolen with a keylogger. What kind of bank IT system doesn’t have better malware blocking?

    *Edit brb gonna drop some USB thumb drives outside their headquarters office building with sexypics.exe on the root and see who installs my malware

    • Cypher@lemmy.world · 2 points · 29 days ago

      Basically, cyber security researchers monitoring the dark web have found credentials in dumps belonging to bank staff. This is concerning, but it doesn’t necessarily mean bank systems were directly compromised.

      Staff members’ personal devices may have been compromised by infostealers, not necessarily keyloggers. Different malware, but basically with the same end goal.

      Or they could have been the result of a phishing campaign. There are a range of tactics, techniques and procedures (TTPs) for credential harvesting used by threat actors (hackers).

      Typically initial access brokers obtain the credentials and sell them to other criminals and sometimes provide a small set for free so potential buyers can validate before they buy.

      Speaking of TTPs, that’s what is alluded to when they say initial access, which is a Tactic in the MITRE ATT&CK framework.

      https://attack.mitre.org/tactics/TA0001/

      The banks’ response that there are systems in place to prevent use of these stolen credentials covers more than just 2FA: also conditional access policies, active monitoring, and cyber threat intelligence and response.

      By the time this was published all identified accounts would have received forced password changes.

      I have done cyber security consulting for one of the impacted banks, and I think the article is reasonably well researched but not as clear as I’d like for people unfamiliar with the topic.
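      As an added example (not from either commenter or the article): a defender-side triage of a leaked credential dump of the kind described above. The dump lines are constructed in an assumed `url:username:password` format, the bank domain `examplebank.test` and every value are made up, and the output is the identity list a team would feed into forced password resets, with passwords deliberately dropped.

```python
import re
from collections import defaultdict

# Constructed sample in an assumed "url:username:password" line format.
# Every domain, user and password here is made up for illustration.
SAMPLE_DUMP = """\
https://portal.examplebank.test/login:j.doe@examplebank.test:Winter2023!
https://mail.examplebank.test/owa:J.Doe@examplebank.test:Winter2023!
https://shop.example.org/account:someone@gmail.test:hunter2
https://vpn.examplebank.test:a.smith@examplebank.test:P@ssw0rd
garbage line without separators
https://hr.examplebank.test:b.lee:notanemail
"""

# Greedy URL group, then two colon-free fields: URLs that themselves
# contain ':' (scheme, port) still parse because the split is on the
# last two colons of the line.
LINE_RE = re.compile(r"^(?P<url>.+):(?P<user>[^:]+):(?P<password>[^:]*)$")


def parse_dump(text):
    """Yield (url, user, password) tuples, silently skipping unparseable lines."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("url"), m.group("user"), m.group("password")


def host_of(url):
    """Return the bare hostname of a URL (scheme, path and port stripped)."""
    return re.sub(r"^[a-z]+://", "", url.lower()).split("/")[0].split(":")[0]


def triage(text, domains):
    """Map each affected identity (lower-cased) to the sorted URLs it appeared with.

    An entry is kept when the username's email domain is monitored, or when
    the URL host is a monitored domain or one of its subdomains (so a bare
    username on a corporate portal is still caught). Passwords are not kept:
    a reset list only needs identities, not the leaked secrets.
    """
    monitored = {d.lower() for d in domains}
    hits = defaultdict(set)
    for url, user, _password in parse_dump(text):
        user_l = user.lower()
        user_domain = user_l.rsplit("@", 1)[-1] if "@" in user_l else ""
        host = host_of(url)
        host_hit = any(host == d or host.endswith("." + d) for d in monitored)
        if user_domain in monitored or host_hit:
            hits[user_l].add(url)
    return {u: sorted(urls) for u, urls in sorted(hits.items())}


if __name__ == "__main__":
    for user, urls in triage(SAMPLE_DUMP, ["examplebank.test"]).items():
        print(f"force reset: {user}  (seen at {len(urls)} site(s))")
```

Case-folding the username collapses `j.doe` and `J.Doe` into one identity, which is why the reset list has three entries rather than four.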

    • ikt@aussie.zone · 1 point · 29 days ago

      Yeah, was going to say, 2FA is everywhere now; that’ll limit a lot of damage.