Security Crime Social Networks The Almighty Buck The Internet

One Million IP Addresses Used In Brute-Force Attack On A Bank (softpedia.com) 50

Cisco says in just one week in February they detected 1,127,818 different IP addresses being used to launch 744,361,093 login attempts on 220,758,340 different email addresses -- and that 93% of those attacks were directed at two financial institutions in a massive Account Takeover (ATO) campaign. An anonymous reader writes: Crooks used 993,547 distinct IPs to check login credentials for 427,444,261 accounts. For most of these attacks, the crooks used proxy servers, but also two botnets, one of compromised Arris cable modems, and one of ZyXel routers/modems. Most of these credentials have been acquired from public breaches or underground hacking forums. This happened before the recent huge data breaches such as MySpace, LinkedIn, Tumblr, and VK.com.
It's apparently similar to the stolen-credentials-from-other-sites attack that was launched against GitHub earlier this week.
  • What is the world record for cloud attacks? Cloud City needs some policing.
  • Internet of Thieves (Score:5, Informative)

    by Black Parrot ( 19622 ) on Sunday June 19, 2016 @05:59PM (#52349111)

    Didn't realize what IoT actually stands for.

    • by DaMattster ( 977781 ) on Sunday June 19, 2016 @07:08PM (#52349325)
      This is why self-driving vehicles are a bad idea! One good penetration could turn an 80,000 lb semi into a lethal weapon.
  • My own personal (as in, at home hosted on a cable modem) web server used to get these same kinds of distributed dictionary attacks, botnet attempts to gain access to whatever they can. There were times when I would see this type of thing almost once a month or so; then it started to taper off and I haven't seen it in some time. I figured the botnets were just doing other things (or had decomposed).

    And yes, I acknowledge that there is nothing important about my web server. I figured the botnets just occasionally go through every IP address they can find that accepts ssh connections and my number comes up every so often. I've never seen an IP address come up in both my web and ssh logs.

    And yes, I know I can do more to prevent this. People offer up plenty of suggestions. Frankly I don't care, and I actually enjoy seeing tons of blocked ssh traffic in my logs from time to time. As you might expect the vast overwhelming majority of traffic is Chinese script kiddies attempting dictionary attacks as root; I don't care about those as I don't allow remote root. I find the distributed, phone book, and distributed phone book attacks much more interesting. They even give me a chance to tune up my cron jobs that parse my server logs :)
    • by pepsikid ( 2226416 ) on Sunday June 19, 2016 @06:57PM (#52349293)

      Yeah, one of the perks of running servers on a residential line is seeing firsthand all of the exploits. I'm fond of decrypting those mime-encrypted javascripts embedded in URLs and finding the pastebin page or hostname which it tries to fetch more scripts from; getting that shiat reported. If I were evil, I could build quite a library of exploits to use on others. They just send me these things haha!

      • Why build a library? Just download the kits like all the script kiddies who are hitting you are doing. They aren't hand-crafting these against you; they are just using the readily available exploit-scanning kits.
    • I used to host my own web/email server but since the cost of protected virtual servers has come down significantly, I decided to move my hosting to the cloud. I actually save on my electric bill too. LOL
      • by pepsikid ( 2226416 ) on Sunday June 19, 2016 @07:39PM (#52349415)

        I have my own cloud. I save on electricity by packing multiple servers into one box which is on 24/7 anyway. Having the servers physically located beside me relieves me of further concern that my hardware, website or forum might be seized or MitM'd. Also, the HOA can't sweet-talk some meddling corporation into kindly muzzling "that scofflaw." :)

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          So let's see. You are not saving energy by keeping a system on 24/7; you are spending more money on power and cooling than you would if you put that computer in a colocated datacenter (I have run the numbers more than enough times, I'm using typical residential power rates of 9 cents/kWh). Second, having physical access to your servers doesn't increase security. Your 5 pin tumbler lock is no match for an advanced lockpick set compared to the IDing, fingerprinting, and biometric scanning most datacenters put

          • Rather strong language there, AC stranger. Too bad you're wrong. I said the pc is on 24/7 ANYWAY. Instead of 4 of them on all the time. Also, I have attached a duct which vents its heat right out the window, lol. Physical access to the servers prevents others from seizing control and taking them over to operate as their own. As in the case of an asshole HOA that wants to boot me off my forum and neighborhood site, and run them their way. Which they did once last year. Someone very resourceful might mitm the

    • by Anonymous Coward

      I used to get tons of ssh break in attempts. Switching port 22 to another completely stopped it. Seems that most script kiddies are doing the hacking.

      • by Anonymous Coward

        Not necessarily. After all, the real people just know that people who take the effort to move it to a different port probably take other steps to secure it. An ssh daemon left on the default port has a higher chance of being unsecured and doesn't have best practices in place, such as disabling root access and public key encryption.

  • 3 backdoors? (Score:4, Insightful)

    by Anonymous Coward on Sunday June 19, 2016 @06:25PM (#52349197)
    How incompetent do you have to be as a company to have THREE backdoors in your own router, intentional or accidental....
    • by MrL0G1C ( 867445 )

      And there's the fact that they allowed millions of attacks before shutting off the service (if they had the sense to actually shut it off).

  • For a long time, I had probably the largest database of active bots and open proxies. I haven't counted for a while, but I don't think I have a million. That's one hell of an attack. Typically we see hundreds to a few thousand used in each attack.

  • How documented is the link with the MySpace, LinkedIn, Tumblr, and VK.com leaks? It is in the Slashdot summary but not in the referenced articles at Akamai and Softpedia.
  • Most sites that I use that have risk associated with them will shut down an account if more than three attempts are made with bad logins. It sounds like these banks' systems allowed unlimited login attempts. I have a hard time believing that they would have security that lax.
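The thread above contrasts two detection ideas: the per-source blocking most home admins tune their log-parsing cron jobs for, and the per-account lockout after a few bad logins that the last comment expects from a bank. The following added example (not code from the article, Akamai, or any commenter) runs both rules over a handful of constructed sshd-style log lines and shows why a campaign spread across a million addresses, each trying only one or two credentials, slips past a per-IP threshold while a "many quiet sources, many distinct accounts" rule still catches it. The log lines, IP ranges and thresholds are all illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (sshd-style); addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Jun 19 17:01:02 host sshd[101]: Failed password for root from 203.0.113.5 port 40001 ssh2
Jun 19 17:01:04 host sshd[102]: Failed password for root from 203.0.113.5 port 40002 ssh2
Jun 19 17:01:06 host sshd[103]: Failed password for root from 203.0.113.5 port 40003 ssh2
Jun 19 17:01:07 host sshd[104]: Failed password for root from 203.0.113.5 port 40004 ssh2
Jun 19 17:02:01 host sshd[110]: Failed password for invalid user alice from 198.51.100.10 port 5001 ssh2
Jun 19 17:02:03 host sshd[111]: Failed password for invalid user bob from 198.51.100.11 port 5002 ssh2
Jun 19 17:02:05 host sshd[112]: Failed password for invalid user carol from 198.51.100.12 port 5003 ssh2
Jun 19 17:02:07 host sshd[113]: Failed password for invalid user dave from 198.51.100.13 port 5004 ssh2
Jun 19 17:02:09 host sshd[114]: Failed password for invalid user erin from 198.51.100.14 port 5005 ssh2
Jun 19 17:02:11 host sshd[115]: Failed password for invalid user frank from 198.51.100.15 port 5006 ssh2
Jun 19 17:03:00 host sshd[120]: Accepted publickey for admin from 192.0.2.7 port 6000 ssh2
"""

# Matches both "Failed password for root ..." and "Failed password for invalid user X ...".
LINE_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)

def parse_failures(log_text):
    """Return a list of (user, ip) pairs, one per failed password attempt."""
    pairs = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            pairs.append((m.group("user"), m.group("ip")))
    return pairs

def noisy_ips(pairs, threshold=3):
    """Classic per-source rule: IPs with more than `threshold` failures (the 'three strikes' idea)."""
    counts = defaultdict(int)
    for _, ip in pairs:
        counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n > threshold)

def distributed_campaign(pairs, min_ips=5, max_per_ip=2):
    """Flag a distributed attack: many distinct sources that each stay at or under
    the per-IP threshold, yet together probe many distinct accounts."""
    per_ip = defaultdict(int)
    for _, ip in pairs:
        per_ip[ip] += 1
    quiet = {ip for ip, n in per_ip.items() if n <= max_per_ip}
    users = {u for u, ip in pairs if ip in quiet}
    flagged = len(quiet) >= min_ips and len(users) >= min_ips
    return {"flagged": flagged, "quiet_ips": len(quiet), "accounts": len(users)}
```

On the sample, the per-IP rule only reports the single chatty source hammering root, while the distributed rule fires on the six one-shot sources that each tried a different account; in production the same aggregation would run per time window and feed a per-account throttle rather than an IP blocklist.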
