Updated 6/1/2015 to include reference to Security Intelligence Blog posting from May 28, 2015.
It appears to be a classic “watering hole” technique going after victims where they’re known to gather.
What’s notable is that none of the Federal Reserve’s systems, or their network, were compromised. Instead, users of the St. Louis Federal Reserve were redirected to the attacker’s websites by hacking the DNS records for the bank. Once at the malicious sites, attackers may have forced malware on to user systems, or intercepted email and other network traffic to acquire sensitive information.
In essence, attackers can potentially get the same information they would by hacking the Federal Reserve’s systems or network without actually having to do so.
Think of it this way – if you wanted to steal the gold from Fort Knox, what’s the easiest way to do it? Would you try to break into the heavily guarded and protected facility? Or would you instead target the more vulnerable trucks that carry the loot?
That’s basically what’s at work here. Attackers are smart and efficient; they’ll always take the easy route.
DNS hacks are a logical response to better system and network security. And it’s not just the Federal Reserve. Home users can be the victims of this too. Recently, one of our own researchers posted about his own experience with his home router’s DNS being hacked. And our researchers are seeing a rise in attacks that cleverly target home routers to reset DNS settings in a way that can easily escape notice.
The lesson is clear – make sure your DNS is as secure as your network and systems. If you own a domain, work with your registrar to make sure only you can make changes. If you run a network (and that includes home broadband and Wi-Fi connections), do whatever you can to ensure that systems and routers are linked to trusted DNS. Security products that provide multiple layers of protection, including web reputation services like Trend Micro™ Internet Security, can also help protect against these sorts of attacks.
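As an added example (not part of the original post), here is a small audit in the spirit of the advice above: it checks a host's configured resolvers against an allowlist of resolvers you chose on purpose, and flags any resolver whose answer for a domain disagrees with a known-good resolver, which is what a redirected DNS setting looks like from the victim's side. The TRUSTED_RESOLVERS allowlist, the resolv.conf text and the answers are constructed assumptions, and the lookup function is injected so the check runs offline; a live version would replace sample_lookup with a query sent to each resolver.

```python
from typing import Callable, Iterable, List, Set
# Resolvers you chose on purpose (assumption: a home router plus one public resolver).
TRUSTED_RESOLVERS = {"192.168.1.1", "9.9.9.9"}

# Constructed resolv.conf text; the second nameserver is one nobody configured.
SAMPLE_RESOLV_CONF = """# constructed sample, not from any real host
nameserver 192.168.1.1
nameserver 198.51.100.53
"""
# Constructed answers standing in for live queries (documentation/TEST-NET addresses only);
# the rogue resolver hands back a different address for the bank's hostname.
SAMPLE_ANSWERS = {
    ("bank.example", "9.9.9.9"): {"203.0.113.10"},
    ("bank.example", "192.168.1.1"): {"203.0.113.10"},
    ("bank.example", "198.51.100.53"): {"192.0.2.66"},
}

def sample_lookup(domain: str, resolver: str) -> Set[str]:
    """Offline stand-in for a DNS query sent to a specific resolver."""
    return SAMPLE_ANSWERS.get((domain, resolver), set())

def parse_nameservers(resolv_conf: str) -> List[str]:
    """Extract nameserver addresses from resolv.conf-style text, skipping comments."""
    servers = []
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def untrusted_resolvers(servers: Iterable[str], trusted: Set[str] = TRUSTED_RESOLVERS) -> List[str]:
    """Configured resolvers missing from the allowlist; a silently changed setting shows up here."""
    return [s for s in servers if s not in trusted]

def answers_diverge(domain: str, resolver: str, reference: str,
                    lookup: Callable[[str, str], Set[str]]) -> bool:
    """True when the resolver's answer shares no address with the reference resolver's.
    A signal to investigate, not proof: CDN-backed names legitimately differ per
    resolver, so only a fully disjoint answer set is flagged."""
    mine, ref = lookup(domain, resolver), lookup(domain, reference)
    if not mine or not ref:  # no answer at all is not a redirection
        return False
    return mine.isdisjoint(ref)

def audit(resolv_conf: str, domain: str, reference: str,
          lookup: Callable[[str, str], Set[str]], trusted: Set[str] = TRUSTED_RESOLVERS):
    """Report resolvers off the allowlist and resolvers whose answers diverge from `reference`."""
    servers = parse_nameservers(resolv_conf)
    return {"untrusted": untrusted_resolvers(servers, trusted),
            "diverging": [s for s in servers if answers_diverge(domain, s, reference, lookup)]}
```

Run this periodically against the resolvers your hosts actually receive (for example from DHCP) rather than the ones you think you set; a router whose DNS settings were quietly changed shows up in both lists.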
Please add your thoughts in the comments below or follow me on Twitter: @ChristopherBudd.