2. ./About_me
>> Part of Incident response team at HDFC bank
>> Student of M.Tech (Information Security) at KJSCE, Mumbai
>> Fields of interest: SOC, SIEM, Computer Forensics
3. ./Agenda
>> Panama Papers Leak.
>> Qatar National Bank Data Breach
>> Investigative summary of Bangladesh Bank Heist.
>> Other news
6. ./Panama_Papers
>> Technical Flaws:
– Outlook Web Access had not been updated since 2009, and the client login portal had not been updated since 2013.
– Client portal was vulnerable to the DROWN attack.
– Drupal open source CMS was last updated in August 2013.
– Drupal had 25 vulnerabilities, including a high-risk SQL injection vulnerability that allows anyone to remotely execute arbitrary commands.
– Directory Traversal
– WordPress version was three months out of date.
– Emails were also not encrypted.
8. ./Panama_Papers
>> Suspected Methodology:
– Web server and mail server were on the same network.
– Web server was not behind a firewall.
– Sensitive data was accessible through a web-based portal.
10. ./Panama_Papers
>> Suspected Methodology:
– Other possible vulnerabilities exploited:
– Two plugins were used in addition to Revolution Slider:
• WP SMTP plugin
– ability to send mail from your website via a mail server
– plugin stores the email server address and login information in plain text in the WordPress database
• ALO EasyMail Newsletter plugin
– receives bounced emails from a mail server and automatically removes those bounced addresses from the subscriber list
– plugin also stores email server login information in the WordPress database in plain text
14. ./QNB_Data_leak
>> Thousands of bank records, totalling 1.4GB of data
>> Uploaded to a file-sharing website called "global-files.net"
>> Consisted of critical information:
– bank credentials
– telephone numbers
– payment card details
>> @bozkurthackers shared an online video claiming responsibility for the breach
15. ./QNB_Data_leak
>> Suspected Methodology
• Attacker ran sqlmap to identify the vulnerability
• A webshell was deployed
• Lateral movement to compromise the rest of the databases
• Out of 11 databases, 7 were exposed
• The data was arranged into nine folders, including ones named "Al-Jazeera", "Police Security", "Defence and etc", and "Mukhabarat".
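The first step in the suspected methodology above, an sqlmap scan against the web application, is visible in ordinary web server access logs long before any webshell lands. Below is an added example (not from the original presentation) of a small detection script: it parses Combined Log Format lines, flags requests that carry sqlmap's default User-Agent or decoded SQL injection patterns in the query string, and counts repeat offenders per source address. The log lines are constructed samples, not real QNB logs.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access log (Combined Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2016:02:14:01 +0000] "GET /news.php?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2016:02:14:02 +0000] "GET /news.php?id=12%27%20AND%20SLEEP%285%29 HTTP/1.1" 200 5120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.7 - - [10/Apr/2016:02:14:03 +0000] "GET /news.php?id=12%20UNION%20ALL%20SELECT%20NULL HTTP/1.1" 500 331 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
198.51.100.9 - - [10/Apr/2016:02:15:10 +0000] "GET /news.php?id=13 HTTP/1.1" 200 4870 "-" "Mozilla/5.0"
"""

# Fields: client IP, timestamp, method, request path, status, user agent.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')
# Common injection markers as seen after URL decoding (tautologies, time delays, UNION, comment terminators).
SQLI_RE = re.compile(r"(\bunion\b.*\bselect\b|\bsleep\s*\(|\bor\b\s+\d+=\d+|'\s*(and|or)\b|--\s*$|;--)", re.I)

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status, ua = m.groups()
    return {"ip": ip, "ts": ts, "method": method, "path": unquote(path), "status": int(status), "ua": ua}

def flag_request(entry):
    """Return the list of reasons a parsed request looks like an SQL injection probe."""
    reasons = []
    if "sqlmap" in entry["ua"].lower():          # sqlmap's default UA starts with "sqlmap/"
        reasons.append("sqlmap user-agent")
    if SQLI_RE.search(entry["path"]):            # decoded query string carries injection syntax
        reasons.append("sql injection pattern")
    return reasons

def scan_log(text):
    """Return (ip, decoded_path, reasons) for every flagged request in the log text."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = flag_request(entry)
        if reasons:
            hits.append((entry["ip"], entry["path"], reasons))
    return hits

def suspicious_sources(hits, threshold=2):
    """Map source IPs to hit counts for sources at or above the threshold."""
    counts = Counter(ip for ip, _, _ in hits)
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

Alerting on the User-Agent alone is weak, since it is trivially changed; the payload patterns and the per-source burst count are what survive that evasion.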
17. ./Bangladesh_bank_Heist
>> Resulted in theft from the institution's Federal Reserve Bank account.
>> Total loss incurred: $81 million.
>> On Feb 5, 2016, nearly 36 requests hit the Federal Reserve Bank using the spoofed Bangladesh Bank identity.
>> 4 requests got processed, resulting in a total of $81 million.
>> The 5th transfer request had a typo: the beneficiary account name "Shalika Foundation" was spelled "Fandation".
>> This typo, caught by the beneficiary bank "Deutsche Bank", drew attention to the incident.
>> The attack as planned was worth about $950 million.