Oracle reveals the latest BGP attack targeting payment websites to steal user information


Oracle security experts recently released a report exposing the latest Border Gateway Protocol (BGP) hijacking case; the hackers targeted several well-known payment operators in the United States.

Through BGP hijacking, the hackers redirected users to malicious phishing sites. Any user who entered payment information there had it stolen outright.

BGP hijacking attacks are becoming more and more common, which also exposes the weak security of the operators running the Internet's critical infrastructure.

ISPs in Indonesia and Malaysia were attacked:

The attack began when the hackers compromised network operators in Indonesia and Malaysia, gaining control over some of those operators' BGP settings.

After taking over the network operators, the hackers built fake phishing websites crafted specifically for hijacking traffic to the US payment operators.

Even after the intrusion, the network operators in question still had not noticed anything wrong. Once the preparations were complete, the hackers began hijacking BGP routes to steer users to the phishing websites.
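The hijack described above works by announcing routes for prefixes the attacker does not own, either the exact prefix from a different origin AS or a more-specific sub-prefix that wins longest-prefix matching. The following added example, which is not part of Oracle's report or any operator's tooling, shows the origin-validation check a defender would run over a feed of BGP updates: every prefix, ASN and update below is constructed (RFC 5737 documentation prefixes and private ASNs), and the expected-origin table is an assumption standing in for RPKI ROAs or an IRR-derived allow-list.

```python
import ipaddress

# Constructed example data: documentation prefixes and a private ASN (64500)
# stand in for a payment operator's real address blocks and origin AS.
EXPECTED_ORIGINS = {
    "203.0.113.0/24": 64500,
    "198.51.100.0/24": 64500,
}

# Constructed BGP update feed, as a route collector would hand it to a monitor.
SAMPLE_UPDATES = [
    {"prefix": "203.0.113.0/24", "origin": 64500, "as_path": [64496, 64500]},   # legitimate
    {"prefix": "203.0.113.0/24", "origin": 64511, "as_path": [64497, 64511]},   # same prefix, foreign origin
    {"prefix": "198.51.100.0/25", "origin": 64511, "as_path": [64497, 64511]},  # more-specific from foreign origin
    {"prefix": "192.0.2.0/24", "origin": 64502, "as_path": [64496, 64502]},     # not a prefix we monitor
]


def check_announcement(prefix, origin_asn, expected=EXPECTED_ORIGINS):
    """Classify one announcement against the expected-origin table.

    Returns one of:
      "ok"            covered prefix announced by its expected origin
      "origin-change" exact monitored prefix, but a different origin AS
      "more-specific" sub-prefix of a monitored prefix from a different AS
                      (wins longest-prefix match, so it steals the traffic)
      "unmonitored"   not inside any prefix we track
    A less-specific covering prefix from another AS is not flagged here,
    because longest-prefix matching keeps our own route preferred.
    """
    net = ipaddress.ip_network(prefix, strict=False)
    for monitored, asn in expected.items():
        mon = ipaddress.ip_network(monitored)
        if net.version != mon.version:
            continue
        if net == mon:
            return "ok" if origin_asn == asn else "origin-change"
        if net.subnet_of(mon):
            return "ok" if origin_asn == asn else "more-specific"
    return "unmonitored"


def scan_updates(updates, expected=EXPECTED_ORIGINS):
    """Return the updates that should raise an alert, each tagged with a verdict."""
    alerts = []
    for upd in updates:
        verdict = check_announcement(upd["prefix"], upd["origin"], expected)
        if verdict not in ("ok", "unmonitored"):
            alerts.append({**upd, "verdict": verdict})
    return alerts


if __name__ == "__main__":
    for alert in scan_updates(SAMPLE_UPDATES):
        print(f"{alert['verdict']:14} {alert['prefix']:18} origin AS{alert['origin']} "
              f"path {' '.join(map(str, alert['as_path']))}")
```

In practice the expected-origin table would be built from signed ROAs and the update feed would come from a route collector or the operator's own BGP sessions; the two verdicts that fire here (a foreign origin for the exact prefix, and a more-specific from a foreign origin) are the two shapes an origin hijack of the kind described above takes.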


Spreading forged DNS responses through BGP:

When we visit a website, the DNS system must first resolve the domain name to an IP address and return that address to the browser.

The hackers' purpose in hijacking BGP routes was simple: by tampering with DNS, they replaced the original website's server address with that of a phishing server under their control.

Oracle also found that the hackers' forged DNS responses carried a much longer TTL: the normal records used a TTL of about 10 minutes, while the hackers set theirs to five days.

Such responses stay cached in the DNS system for a far longer period, so users in some regions who tried to reach the hijacked website were sent straight to the phishing site.
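The two facts above (a five-day TTL against a ten-minute baseline, and an answer pointing at the wrong server) are exactly what a resolver-side monitor can check. The example below is added here and is not code from Oracle or from any resolver; it assumes a hostname `pay.example`, an expected address block `203.0.113.0/24` and an alert threshold of six times the baseline TTL, all of which are constructed, and it includes a minimal TTL-honouring cache to show why the long TTL keeps the poisoned answer alive.

```python
import ipaddress

BASELINE_TTL = 600            # the ~10 minute TTL the report describes as normal
FORGED_TTL = 5 * 24 * 3600    # the five-day TTL the report says the hackers used
MAX_TTL_FACTOR = 6            # assumption: alert on anything above 6x the baseline

# Constructed: the address block each monitored hostname should resolve into.
EXPECTED_NETS = {"pay.example": ipaddress.ip_network("203.0.113.0/24")}


def inspect_answer(name, rdata, ttl, baseline=BASELINE_TTL, factor=MAX_TTL_FACTOR):
    """Return the reasons an A record looks forged; an empty list means clean."""
    reasons = []
    if ttl > baseline * factor:
        reasons.append(f"ttl {ttl}s exceeds {factor}x the baseline of {baseline}s")
    expected = EXPECTED_NETS.get(name)
    if expected is not None and ipaddress.ip_address(rdata) not in expected:
        reasons.append(f"{rdata} is outside the expected block {expected}")
    return reasons


class ResolverCache:
    """Minimal cache that serves a record until its TTL expires."""

    def __init__(self):
        self._entries = {}

    def insert(self, name, rdata, ttl, now):
        self._entries[name] = (rdata, now + ttl)

    def lookup(self, name, now):
        entry = self._entries.get(name)
        if entry is None or now >= entry[1]:
            return None          # expired or never cached: resolver must re-query
        return entry[0]


def persistence_demo(now=24 * 3600):
    """Two resolvers cache an answer for pay.example at t=0: one got the legitimate
    10-minute record, the other the forged five-day one. Return what each still
    serves at time `now` (default: one day later)."""
    legit, poisoned = ResolverCache(), ResolverCache()
    legit.insert("pay.example", "203.0.113.10", BASELINE_TTL, now=0)
    poisoned.insert("pay.example", "198.51.100.7", FORGED_TTL, now=0)
    return {
        "legit": legit.lookup("pay.example", now),
        "poisoned": poisoned.lookup("pay.example", now),
    }


if __name__ == "__main__":
    # Constructed answers: one as the authoritative server would send it,
    # one as the report describes the hackers' forged response.
    for args in (("pay.example", "203.0.113.10", 600),
                 ("pay.example", "198.51.100.7", FORGED_TTL)):
        print(args, inspect_answer(*args) or "clean")
    print("one day later:", persistence_demo())
```

The TTL check alone would have caught this case, since a jump from minutes to days is far outside normal operator practice; the address-block check catches the quieter variant where the forged record keeps a plausible TTL. Flushing the affected names from recursive resolvers is the only way to shorten the window once a poisoned answer has been cached.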


Stealing the user's credit card information and sending it to the hackers' server:

The main purpose of this attack is to steal users' credit card information; when trying to pay, the user submits the card number, expiration date and security code.

Once the hackers have this information, they can make fraudulent charges directly without the user's confirmation. This is why the hackers went to such lengths to hijack BGP routing.

It is unclear how many users this attack affected, but many users complained that they could not connect properly when visiting those payment websites.