After you learned about different types of hacking, there is a last one to take in consideration and that type of hacking is called Internet Banking Hacking and it’s considered a cyber crime in the most countries of the world.
In the last years, internet banking has become a feature used by a big number of people and it has its advantages, but the main disadvantage is that once hackers get into this type of hacking all the money are lost. Authorities and expert analyses estimate that in the future years the cases of online banking hacking will take a considerable growth. Online banking exists since 1980 and new methods to hack
online bank accounts are appearing everyday.
The first method you can choose for hacking an online bank account is phishing, the number of this kind of attacks are growing in the last years against banking systems, to hack the victim you should use social engineering techniques as well.
Hackers hide under a bank identity and make their new identity look as real as possible pretending to belong to the bank, malicious emails, advertisements and emails are the top secret in getting into someone’s bank account without their permission or knowledge. You should adopt the typical phishing scheme and try to collect as much information as you can about your victim, before anything else you should know their email address and if the victim uses this address for online banking but don’t worry, most of the people do it because it’s a little bit too complicated to work on
couple emails at a time and people who choose internet banking are usually busy and they don’t have time to follow more than an email address.
So, after you have got the email address, send any email that can get your victim’s attention by opening that email, the content of the email can be something interesting or in this case it’s better to guide your victim though a link to a specialized website that will ask for financial data and security details, those kind of websites are specially designed to look like an official bank account, but is
definitely not the original one, those infected websites are designed identical to the original ones.
Your email should make the victim click on a link which will guide your victim to a website which perfectly replicates a bank site.
Hackers also include in the email attachments which contain the link to the fake website and once opened it has the same effect. Phishing emails should take the official form of notifications and emails of the banks, organizations or e-payment systems, those kinds of messages request your victim’s sensitive information that will help you reach your goal. Malware specially designed for online banking hacking exist! it’s named Prg Banking Trojan.
McAfee has published a report on phishing which indicates that hackers aren’t hacking small banks, their targets are big companies, banks and organization that could worth the hack operation to be done. 37% of all banks on the globe were hacked using the phishing method in the last 12 moths at least once.
Hackers attempt to every sector by phishing it. Hackers are interested in predominantly banking, e-payment systems, e-auctions and generally in hacking big financial organizations around the globe.
Phishers are focused on breaking into hosting providers and they succeed in most of the cases, hackers disgracing servers and update their own configuration in order to display phishing pages from a private subdirectory of each domain that the machine host.
Don’t forget to protect yourself even if you are trying to hack online accounts, with a little lack of attention you can loose everything as well as your victims. Don’t divulge your Internet Protocol, read carefully every email and don’t click unless you are sure, ask and request more information always in order to keep protected.
The second method used by hackers to break into online banking accounts is called Watering Hole and specialists define it as an evolution of phishing attacks. By choosing this option hackers are injecting malicious codes onto a public website visited by a small and standard group of people.
In Watering Hole attack, hackers wait for target people to visit the hacked website and they are not inviting their victims to do it, they are only waiting for them to visit the website. If you choose this method, you should use Internet Explorer and Adobe Flash Player.
Hackers are compromising websites using this method that aren’t updated and configured very frequent because they are easily to hack than an updated website, usually hackers are using the exploit kits they find on the black square. Pro hackers hack the website at least six months before they attack it. This method is very efficient because hackers and websites can be located very
hard comparatively to phishing attacks. After the attacks hackers keep in touch with the website to make sure that everything is going in the direction they want to.
In 2012-2014, hackers used this method to hack a regional bank in Massachusetts. The operation was successful due to the JavaScript elements on both sites, the bank in Massachusetts and the local government that was under Washington DC suburbs:
Hxxp://www.xxxxxxxxtrust.com
Hxxp://xxxxxxcountrymd.gov
Another attack using this method was discovered in March 2013 when many banks in South Korea were compromised, the hackers collected sensitive data from the bank and they have also shut down their system. An interruption of their services was made on their online banking. Hackers consider this method a solution for the problems that authorities and security services and systems give them, and because they love to solve problems, they found an innovative solution in this case as well.
Researches show that most of the hackers make money online using this method and a lot of them are still undetected.
Hackers have a lot of ideas and they are really good, their ideas reflect in their solutions and that’s how Pharming and Credit Card Redirection hack method was born.
This method consists in hijacking a bank’s URL and when the customers access it they are automatically guided to another site which is identical to the original website. This method of hacking is a little bit more difficult than the other two methods, but not impossible. You can technically make it with one of the next techniques:
1. DNS Cache Poisoning
DNS’s exist in a bank’s, organization’s or company’s network to make a better response performance. Hackers attack the DNS server by exploring vulnerabilities in the DNS software, which make the server to give an error because it will incorrectly validate the DNS response. The server will redirect people to another site because it will catch wrong all the entries. Usually, the server which will host the victims is managed and controlled by hackers in order to give the customers malware. Hackers can even attack customers if they provide the hackers their IP.
2. Hosts File Modification
Hosts file is used by hackers to direct the customers on any website under their control.
A new technique is Credit card redirection which is used on disgraceful ecommerce websites to let the hackers get the sensitive information they need. This technique is not hacking the customer directly, after the victim pays using the card, the hacker modify the flow of the operation and all the money are redirected to them and most of the attacks are made on websites that offer e-commerce
services.
Hackers also break into a victim’s account by changing the credit card processing file.
Another type of attacks used in online banking hacking is called Malware based attacks and they are classified as the most dangerous attacks on the internet related to online banking services.
There are many malicious categories but in general they are designed to hit the online financial business. Security community considers Zeus, Carberp and Spyeye are considered the most dangerous of all. Zeus is in fact a Trojan horse which best works on all the versions of Windows, it was first discovered in 2007 when hackers use it to obtain illegally information about US Department of Transportation, it’s the oldest one from those three and even NASA got hacked in 2009 using Zeus.
MIITB is maybe the most efficient method used by hackers in internet banking where the ones who want to attack combine social engineering with malware which is infecting the browser of the victim. It mostly hide under the form of BHO (Browser Helper Object), attacks are based on proxies which infect the browser of the customer exploring it’s weakness on the victim’s device. Malicious codes are able to change the content of an online transaction between the bank and the customer.
The Zeus Trojan is also used to hack and get bank credentials by MIIT keystroke logging. Specialists consider that nine million phishing emails with Zeus were sent in 2009. According to ZeusTracker USA, Deutschland, Russia, UK, Ukraine, Romania, Netherlands, France, Japan and Turkey are top ten countries which are hosting Zeus. HoT- Hand on Thief is another Trojan specially designed to hack online banking, it was created to hit the Linux and Mac systems which demonstrated to be
immune to malware. Authorities say that it was created in Russia and it’s available to buy on some Russian underground forums, it’s capable of infecting the victims and stealing sensitive information from their machines. Grabbers and backdoor infection vectors are currently on sale with Hand of Thief for approximately $3000.
DDoS attacks are also used to hack internet banking. In case of online banking hacking, hackers are helped by volunteers that participate in the operation, a botnet is easier to detect and volunteers can block the whole process of detecting.
After 129 countries have been attacked with DDoS attacks, FBI decides to share a list of more than 130.000 Internet Protocol addresses used in attacks, attacks where the victims could not access their online or mobile banking services.
The fundamental types of DDoS attacks:
The ones based on volume VBA- the hacker is making an inundation with big quantity of data on the site. Protocol Attacks PA- when the hackers are trying to imbue the target servers by exploiting network protocol failures. Layer Seven Attacks- created to exhaust the resource limits when hackers make inundations with huge amounts of HTTP requests that saturate a target’s resources. DDoS attacks are also used as a deflection to hide the results of an attack that is ongoing. Dirt Jumper is a part of DDoS malware group and it has an updated version called Pandora, a big number of DDoS kits have shown up like YZF, ArmageddoN and DiWar. FBI and FS-ISAC and IC3 are highlighting the distribution of Dirt Jumper kit being used in bank attacks.
Using the methods from above, hackers can get money and they are also called criminal cyber if they do this activity illegally, they can hack an ultimate number of account and banks until they are discovered, if they are ever discovered. Now more than ever, hackers don’t focus only on computers, they also take in consideration hacking the mobile phones which are today such an result of great
ideas combined with hard work, since the phones are smart phones they allow you to do any kind of operation you want or need and they are way more used nowadays than computers, a lot of people use their smart phone to pay bills online or to do transactions online via internet banking services all around the world and that’s why hackers are focusing also on smart phones and hacking their systems in order to reach a new goal or just to give themselves new challenges. A research done in 2015 highlights the importance of smart phones and shows us that smart phones are more used nowadays then computers.
No comments:
Post a Comment