13-04-17, Hackers used Let's Encrypt certificates in attacks targeting a large Brazilian bank
Fraudsters attacked bank users by finding vulnerabilities in the security system of one of the largest Brazilian banks. The hackers used Let's Encrypt certificates to create phishing clones of the bank's websites. Researchers recently disclosed the approach the hackers used to breach the bank's protection.
Online scammers were able to redirect all 36 of the bank's domains to fake pages, using SSL certificates issued by the Let's Encrypt certification authority. Bank customers were unaware of the compromise and continued to enter their data on the phishing pages, not suspecting that all of their personal data was being transmitted to the fraudsters.
The main series of attacks on the Brazilian bank took place on October 22, 2016. The hackers gained access to all site operations by taking control of 36 domains, corporate mail and DNS.
According to a researcher from Kaspersky Lab, the hackers acquired control of all of the bank's domains. Furthermore, the fraudsters were able to suspend corporate mail, and as a result the bank was unable to notify its customers about the attacks.
The bank that suffered the attacks is large: it has more than 5 million customers and $25 billion in assets. It has 500 branches in Brazil, the United States, Grand Cayman and Argentina.
An investigation conducted by Kaspersky Lab discovered that the bank's website was spreading malware to all visitors. Unaware site visitors were downloading a zip archive from the main page, which contained a malicious Java file.
The attackers expected to use the malicious software to intercept the operations of the victim bank and steal funds from the accounts of users of banks in other countries.
The bank eventually regained control over the DNS infrastructure; however, malicious software remains on the visitors' computers.
The main issue, which concerns all users of the World Wide Web, relates to free SSL certificates. Fraudsters can easily obtain them and then create phishing web pages that are protected by an SSL certificate and aimed at stealing valuable personal information. For this reason, it is very important to always turn to commercial certification authorities, which have well-established SSL issuance practices and have proven their reliability over a long time.
It is worth noting that the Let's Encrypt certificates used for fraudulent activities did not contain the name of the organization. For this reason, all commercial sites are urged to switch to OV / EV SSL certificates, which include the name of the organization and, in the case of EV SSL, show the green address bar in browsers. You can always buy OV and EV SSL certificates from leading certification authorities in our store.
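An added example, not part of the original article: the observation that the fraudulent certificates carried no organization name can be turned into a drift check for a site that normally serves an OV or EV certificate. The baseline, the names and the certificate data are constructed placeholders; the dictionaries follow the layout returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example: compare a served certificate against a per-domain baseline.
# Input dicts use the layout returned by ssl.SSLSocket.getpeercert().

def rdn_values(name, field):
    """Collect every value of `field` from a getpeercert()-style name."""
    return [value for rdn in name for (key, value) in rdn if key == field]

def audit_certificate(cert, baseline):
    """Return a list of findings; an empty list means the cert matches."""
    findings = []
    subject_orgs = rdn_values(cert.get("subject", ()), "organizationName")
    issuer_orgs = rdn_values(cert.get("issuer", ()), "organizationName")

    # An OV/EV site that suddenly serves a cert without an organization
    # name has had its certificate swapped for a domain-validated one.
    if not subject_orgs:
        findings.append("subject has no organizationName (domain-validated)")
    elif baseline["subject_org"] not in subject_orgs:
        findings.append("unexpected subject organization: %s" % subject_orgs)

    # The issuing CA should be one the organization actually buys from.
    if not any(org in baseline["issuer_orgs"] for org in issuer_orgs):
        findings.append("unexpected issuer: %s" % (issuer_orgs or ["<none>"]))
    return findings

# Constructed sample data; every name below is a placeholder (assumption).
BASELINE = {"subject_org": "Example Bank S.A.",
            "issuer_orgs": {"Example Commercial CA"}}

EXPECTED_CERT = {
    "subject": ((("countryName", "BR"),),
                (("organizationName", "Example Bank S.A."),),
                (("commonName", "www.bank.example"),)),
    "issuer": ((("organizationName", "Example Commercial CA"),),
               (("commonName", "Example Commercial CA OV"),)),
}
SWAPPED_CERT = {
    "subject": ((("commonName", "www.bank.example"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),)),
}

if __name__ == "__main__":
    for label, cert in (("expected", EXPECTED_CERT), ("swapped", SWAPPED_CERT)):
        print(label, audit_certificate(cert, BASELINE) or "OK")
```

Run from a vantage point outside the organization's own DNS, a check like this reports the change even when corporate mail and name servers are no longer under the owner's control.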