Tannenbaum Helpern Syracuse & Hirschtritt, LLP
About Us Careers Contact Us Search
Home Practice Areas Industries Case Results Attorneys Publications Events Press Room

Cybersecurity Risk Update – Hackers Take Over Bank via DNS

Click here to download PDF

A recent cyber-attack on the domain name system (DNS) registrations of a Brazilian financial institution has reinforced the need for businesses not only to have a robust cybersecurity infrastructure in place but to be cognizant of the emerging threats they face.

The DNS is a core part of the internet, providing a mechanism whereby internet domain names (e.g., thsh.com) are located and translated into internet protocol (IP) alphanumeric addresses enabling users to be directed to the appropriate sites.

In the aforementioned instance, by accessing and altering the Brazilian bank’s DNS registration at its domain registration service, hackers were able to change the bank’s DNS registrations, control the bank’s website domains and, for several hours, redirect clients to an identical fake site constructed and operated by the cyber criminals. In conducting their normal banking activities, such as inputting access codes and typing in account numbers, clients inadvertently exposed their personal account information, giving unfettered access to the individuals who infiltrated the financial institution’s DNS. The fake sites had valid https certificates issued in the bank’s name, further masking the illegitimacy of the site, and infected users with a malware download when they visited the copycat sites. Furthermore, because the attack was so sophisticated and thorough, the bank could not use its email to notify customers of the attack.

While DNS attacks are just one form of cyber-attack, the difficulty in detecting DNS attacks, resulting in significant periods of time during which customers/users are re-routed to fake addresses, renders these attacks particularly dangerous. The attack on the Brazilian bank is not the only DNS attack to gain public attention; most recently an attack on DNS services at Dyn (an internet infrastructure company) rendered websites such as Amazon, Twitter, Netflix, Etsy and Spotify inaccessible to users.

As with all cyber threats, it is important to be aware that cyber criminals are continuing to develop innovative ways to exploit vulnerabilities to access sensitive information. Cyber-attacks cannot always be avoided. To place your company in the best possible position, however, it is crucial to periodically conduct security checks of your company’s systems, including your company’s DNS, and monitor emerging threats to your cybersecurity infrastructure. As part of the DNS security checks, companies should consider implementing security measures before any changes to their IP addresses can be made, such as requiring a two-factor authentication. At the same time, businesses should have plans in place enabling them to be prepared to identify, contain and mitigate the effects of a successful attack, as well as to comply with legal obligations imposed on companies whose systems are breached.

For more information on the topic discussed or if you have any questions or concerns with respect to your organization’s cybersecurity practices, please contact any member of Tannenbaum Helpern’s Cybersecurity & Data Privacy practice:

Andre R. Jaglom

212.508.6740 | jaglom@thsh.com

David R. Lallouz

212.702.3142 | lallouz@thsh.com

Michael J. Riela

212.508.6773 | riela@thsh.com

Beth Smigel

212.702.3176 | smigel@thsh.com

Maryann C. Stallone

212.508.6741 | stallone@thsh.com

Vincent J. Syracuse

212.508.6722 | syracuse@thsh.com

*Special thank you to Daniel Altabef for his contribution to this article.

About Tannenbaum Helpern Syracuse & Hirschtritt LLP

Since 1978, Tannenbaum Helpern Syracuse & Hirschtritt LLP has combined a powerful mix of insight, creativity, industry knowledge, senior talent and transaction expertise to successfully guide clients through periods of challenge and opportunity. Our mission is to deliver the highest quality legal services in a practical and efficient manner, bringing to bear the judgment, common sense and expertise of well trained, business minded lawyers. Through our commitment to service and successful results, Tannenbaum Helpern continues to earn the loyalty of our clients and a reputation for excellence. For more information, visit www.thsh.com. Follow us on LinkedIn and Twitter: @THSHLAW.

Business Litigation Bulletin
Employment Notes
Note from the Real Estate Group
THSH E-Alert
The Administration’s Fiscal Year 2014 Revenue Proposals - Three Things are Certain: Death, Taxes and nothing is Permanent
Principals of sponsor not personally liable for certification of condominium offering plan
Translating IP Translator for U.S. Mark Holders Filing in Europe
The Employee Handbook – An Essential Tool for Every Company
Trademark Applications Based on Intent-to-Use a Proposed Mark—Be Prepared to Document Your Bona Fide Intent...
Avoidance of Securities Transactions – Investor Exposure
District Court Confirms that Madoff Trustee Cannot Recover Extraterritorial Transfers
Real Estate Industry Awaits Vote on Terrorism Risk Act Extension
2014 Decisions Clarify How the State of Limitations Applies to Copyright Infringement Claims
Governor Cuomo Signs Bill Repealing Annual Wage Notification
Terrorism Risk Insurance Act Extended Through 2020
Lessons Learned from Two Years of Post-Grant Proceedings
NYC to use candidate “testers” to screen for employment discrimination in hiring practices
Some Common IP Mistakes Businesses Make and How to Avoid Them
SEC Adopts Rules for Equity Crowdfunding
NYC Commuter Benefits Law Takes Effect in the New Year
A Primer on Statutory Damages in Copyright Litigation
Second Circuit Extends Safe Harbor Protection to Creditors’ State Law Claims
Cybersecurity Risk Update – Hackers Take Over Bank via DNS
NY Businesses Reported a Record Number of Data Breach Incidents in 2016
Failure to quickly address cyber breaches can lead to dire business consequences
Department of Homeland Security Issues
Can a Licensing Agent also Enforce the Copyright in Licensed Works?
Hidden Costs: New York City’s Submetering and Lighting
Other Publications
Articles By Topic
Cyber & Privacy Alert
New York Law Journal
Attorney Professionalism Forum
Join Our Mailing List
Like us on FaceBook Follow us on Twitter Get LinkedIn with us Pin It! Email Us Print this Page

Sitemap |Terms of Use | Privacy | Attorney Advertising

Tannenbaum Helpern Syracuse & Hirschtritt LLP provides legal advice only to individuals or entities with which it has established an attorney-client relationship and such advice is based on the particular facts and circumstances of each matter. Contacting us through this site, or otherwise, will not establish an attorney-client relationship with us. Any e-mail or other communication sent to THSH or its lawyers through this site will not be treated as subject to the attorney-client privilege or as otherwise confidential and you should not include any confidential information in any such communication.