Bangladesh Government Sites Used in Phishing Campaign
Bangladeshi government web pages have been compromised and used in phishing attacks, according to security researchers.
Domain name registrations under .gov.bd appear to have been used in attacks spoofing the likes of Wells Fargo bank, Google and AOL, according to anti-phishing firm Netcraft.
However, the vendor claimed in a blog post that the compromised server in question is “one of a few” hosted in the UK on a static IP address used by the hosting company Nibs Solutions.
The phishing pages are apparently still live after more than a week.
“The presence of multiple live phishing sites on the affected server, and the fact that the previous compromises have not yet been cleaned up, suggests that whatever security vulnerabilities might have affected the server are yet to be resolved,” Netcraft continued.
“Bangladesh has a relatively small presence on the web, with just over 30,000 websites making use of the entire .bdcountry code top-level domain. However, the ratio of phishing incidents to sites is quite high at roughly 1 in 100.”
The incident will add further embarrassment to the Bangladesh government after its central bank was caught out in a major cyber attack earlier in the year which led to the theft of over $80 million.
In that incident, hackers would have stolen $1bn but a spelling mistake in the routing instructions raised the alarm and a fifth transfer of $20m was stopped.
A war of words ensued between the bank and Swift, the global organization which owns and operates international bank transfer messaging infrastructure.
According to Reuters, Bangladesh Bank staff accused Swift technicians of leaving security holes when they were connecting the bank’s real-time gross settlement (RTGS) system to the Swift network.
However, Swift has refused to take any of the blame, claiming the fault is on the bank’s side.
It emerged earlier this month that a second bank, and Swift customer, had been targeted in the same way.
Source: Information Security Magazine