Incident Response, TDR

Federal Reserve Bank of St. Louis resets passwords following DNS attack

Individuals with active user accounts for publicly available economic data and analysis tools used by the Federal Reserve Bank of St. Louis are being asked to change their usernames and passwords.

Routing settings were manipulated at a domain name service (DNS) vendor used by the Federal Reserve Bank of St. Louis and anyone who visited certain official web pages in April could have automatically been redirected to fake pages designed to look like the real site.

“These risks apply to individuals who attempted to access the St. Louis Fed's research.stlouisfed[dot]org website on April 24, 2015,” according to a notification posted to the website on Monday, which explains that web pages for the FRED, FRASER, GeoFRED and ALFRED tools were imitated in the attack.

Users will be asked to change their credentials when they next log into their accounts.

DNS attacks from hacktivists and cybercrime groups have been on the rise in the last six months, Stewart Draper, director of insider threat with Securonix, said in a statement emailed to SCMagazine.com on Tuesday.

Brad Taylor, CEO of Proficio, said in a Tuesday statement emailed to SCMagazine.com that domain hijacking and web address redirecting is a huge problem that is getting worse and is becoming more challenging to deal with for organizations.

“Not so long ago, it was a standard practice for a security analyst to simply input a web address in a browser or search tool to track the suspected bad website,” Taylor said. “Cyber criminals have turned the table and now track security professionals, listing our IP addresses just like we keep lists of known bad actor locations.”

Those criminals "will then configure their tools to direct security professionals to the real enterprise web site in question, while their masses of intended targets are still redirected to the bad website," Taylor explained. "They are even known to attack a single address space, or direct even a single user to a malicious location.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.