O Outro Lado BSidesSP ed 5/Stealing bank accounts with a 1kb file - the Brazilian way
Stealing bank accounts with a 1kb file - the Brazilian way
Horário: 14:30 as 15:20
Duração: 40 minutos (mais 10 minutos para perguntas e respostas)
Local: Auditório Principal
Nível: Básico / Intermediário / Avançado
Resumo
Proxy Auto-Config (PAC): a resource from modern browsers that is extremelly usefull on corporate networks has been (ab)used by bad guys to steal some million bucks from bank accounts. Its malicious usage has been known since 2003 but was among Brazilian (cyber)criminals where this technique has been improved and refined, on these later days shared among cybercriminals from Turkey and Russia.
Their attacks are reaching a level of complexity and efectivelly that was never seeing before, allowing a complete bank account hacking using a 1kb file. Using a lot of creativity and the 'Brazilian way', the malicious scripts allow man-in-the-middle, impersonating https connections, in a silently web based attack, regular and highly effective.
These malicious scripts remain off the radar of most antimalware companies, some have failed vehemently in detection and blocking it. In this presentation we show the evolution of the attacks, how bad guys are bypassing the detections, and the challenge to detect small malicious scripts
- PAC: Problem-Auto-Config
- legitimate usage
- alphabet soup: pac, wpad, dhcp, slp, dns
- javascript on browser's config
- brazil, 2007
- turkey, 2011
- russia, 2012
- PAC: Petty-Archive-Crime
- in your browser
- on your connnection
- bypassing detection
- let's play crypto
- pharming, phishing
- intercepting ssl/tls
- PAC: Planning-Achieve-Cash
- how-to-do-it only by 5k
- let's steal from Google
- detection? blocking? solution?
- researchers in danger: death threats
Palestrante
Fabio Assolini
Senior Security Researcher