
Iran, 3M bank accounts hacked. Hypothesis on cyber warfare scenario


The story I want to report reads like the plot of a movie. Khosrow Zarefarid, an Iranian software manager, found a security vulnerability in Iran’s banking system and tried to inform the management of the affected banks by preparing a detailed report. As usual, the bank managers ignored the alert, so the Iranian expert decided to demonstrate the risk posed by the discovered vulnerability, moving from theory to action.
He hacked 3 million bank accounts, belonging to at least 22 different banks, to support his study. Zarefarid’s intellectual honesty is admirable: he limited himself to hacking the systems without stealing anything from the accounts. He only exploited the vulnerability to retrieve the account details of around 3 million individuals, including card numbers and related PINs.

Zarefarid has worked at Eniak, a company that operates with the Interbank Information Transfer Network System (Shetab), an electronic banking clearance and automated payments system used in Iran. Eniak is a leader in Iran in providing payment systems, a crucial sector in the banking world; its activities also include the manufacturing and installation of point-of-sale devices for Iranian banks.

What is really serious is that, with his first alert, the expert provided details on the security flaw and also on 1000 bank accounts, but he was ignored. For this reason Zarefarid decided to make the events public.

Of course, the scenario has now changed and demands a response from the banks. Some Iranian banks, such as Saderat and Eghtesad Novin, have already started a campaign to inform their clients of the hack, inviting them to change their card PINs. Other banks have preferred to block their customers’ accounts to avoid any kind of problem. Meanwhile, the Central Bank of Iran (CBI) issued a statement announcing that millions of ATM cards have been hacked and inviting all card holders to change their PINs as soon as possible. The warning was repeated on state TV channels. Iran’s Central Bank has announced that the electronic information of 3 million customers of 10 Iranian banks has been compromised.


Another precautionary measure taken by some banks is blocking many ATMs from dispensing cash.

What is really incredible about the event is the Central Bank of Iran’s position on the discovered vulnerability: it has stated that the threat is not serious and hasn’t provided any information regarding its fix. Let’s remember that changing the PIN is a temporary solution for exposed accounts, but the hack could happen again if the right solution is not applied.

More details can be found on the expert’s personal blog, in the post “Are your bank card Between 3000000 these cards?”

As usual, let’s reflect on the event. The discovery of the vulnerability raises serious questions about the security level of the banking infrastructure. According to the Iranian expert, almost all of the banks are vulnerable to the hack he demonstrated. Think for a moment what could happen if the same vulnerability ended up in the wrong hands, be they cyber criminals, groups of hackers hired by hostile foreign governments, or groups of hacktivists. The banking sector is a vital component of a country’s infrastructure, and every thorough cyber strategy treats it as critical infrastructure. A blockade of the banking system or large-scale hacking of payment systems can be a catastrophe for any country, with incalculable losses in terms of direct damage caused by theft of money and indirect damage to the image of the company. There is also another worrisome aspect: a country whose financial institutions are attacked falls into panic, creating the right environment for other cyber and military operations. That is a typical cyber war scenario.

Obviously, it is impossible to know the real response of the Iranian institutions to the incident, but judging by their focus on cyber warfare, a rapid government response to resolve the problem is to be expected, even before that of the banking institutions. In a warfare scenario like this one, synergies between a country’s sectors and the strong commitment of the central government are preconditions for implementing a suitable and efficient cyber strategy.

Pierluigi Paganini