- Oct 2, 2011
- 1,569
Last edited by a moderator:
Hackers strike Australia's largest pension funds in coordinated attacks
- Thread starter Viking
- Start date
Wrecker4923
Level 2
- Apr 11, 2024
- 65
Looks like more cases of password reused/leaked and no 2FA.
- May 13, 2017
- 2,760
bazang
Level 13
- Jul 3, 2024
- 647
At the very least, secure passwords, passphrases, and MFA should be taught in every school in the world beginning in the earliest grade and repeated every single year.
I am willing to bet a lot of money that this one thing alone would do much to prevent hackings.
Can you imagine a world where users would have to provide fingerprint, OTP from Authenticator app, and complex passphrase? There would be pitchforks and rifles in the streets. Governments would be toppled by the user mob.
I like people fact-to-face, but notionally - given all that I know about people and their proclivities and a deep understanding of human psychology - I just don't like people. People are always the problem. ALWAYS.
- Apr 16, 2017
- 3,031
Agree!
So a sloppy account holder with easy pw and who does not use 2fa, hacker breaks into that user's account and transfers $500k, how does that affect my account with strong pw and 2fa? does that hack somehow also give access to my account, or this Fund has poor security structure? IE, I log into my bank account every day, but so far that has not given me access to other customer's accounts (not that I'm trying...
)
- Oct 3, 2022
- 829
It depends on how the attacker gained the foothold. The most obvious best way is to get hold of the tech admin account. Then he would have access to all accounts the admin is looking after. Another good way is to break the web code of the pension fund's access server. Once he gets in that way, the attack would again have access to many accounts. Another credential based attack vector would be to get hold of the clerical admin account. If the pension fund has an cell app, the attacker could reverse engineer the app. Or the attacker could monitor or capture the network traffic of a customer and forge his way in. Or it could be supply chain attack ............ There are many different ways to get in, and they all involve a bunch of accounts.
I think you read The Hacker News; I think you posted a link one time if I remember correctly. It is not the number of people affected nor the amount stolen or ransomed for that is interesting. The interesting thing about them is that they always provide a link to the source security researcher. You can read That long article, and gain insights to the TTPs of attackers.
Last edited:
- Apr 16, 2017
- 3,031
I guess when I skimmed the story, not clear to me that hackers got into a "tech admin account."
- Oct 3, 2022
- 829
No cybernews did not provide a link. I was only postulating how it could affect another account even if the fund uses 2FA.
bazang
Level 13
- Jul 3, 2024
- 647
Hacking a user account is one thing. Hacking the entire backend that supports all the accounts is an entirely different matter.Agree!
So a sloppy account holder with easy pw and who does not use 2fa, hacker breaks into that user's account and transfers $500k, how does that affect my account with strong pw and 2fa? does that hack somehow also give access to my account, or this Fund has poor security structure? IE, I log into my bank account every day, but so far that has not given me access to other customer's accounts (not that I'm trying...
You probably would not be surprised how many servers out there that have server passwords of "password" or "Admin."
- Apr 16, 2017
- 3,031
Ok so that Australian fund with ALL that money had poor security on its servers? Or the best hardware and security software is eventually hackable? Scary either way...
- Oct 3, 2022
- 829
You know the favorite motto of hackers is along the lines of "everything man made is vulnerable somewhere and hackable".
Similar threads
