30
Cybercriminals have stolen almost 100 staff logins at the Big Four banks, experts say (www.abc.net.au)
submitted 4 weeks ago by [email protected] to c/[email protected]
4 comments fedilink hide all child comments
top 4 comments
sorted by: hot top new old
[-] [email protected] 3 points 4 weeks ago* (last edited 4 weeks ago)

This is a funny article and kind of reads like the reporter just discovered the "hacker" community. Is it a scare piece for uninformed readers?

They highlight a social media post where some cybercriminal is selling username/password lists for crypto.

I don't know if it's common knowledge or maybe I hang out in weird places but there's a whole lot more of this on the internet and has been for as long as I can remember.

The reporter goes on to allude - although doesn't say exactly - that the accounts require 2FA at the banks to grant access so they aren't actually compromised.

But then the reporter goes on to say the usernames and passwords might give "initial access" which is bad, but didn't really explain what that is.

I guess the real news is that these credentials were stolen with a keylogger. What kind of bank IT system doesn't have better malware blocking?

*Edit brb gonna drop some USB thumb drives outside their headquarters office building with sexypics.exe on the root and see who installs my malware

[-] [email protected] 2 points 4 weeks ago

Basically cyber security researchers monitoring the dark web have found credentials in dumps belonging to bank staff, this is concerning but doesn’t necessarily mean bank systems were directly compromised.

Staff members personal devices may have been compromised by infostealers not necessarily key loggers. Different malware but basically with the same end goal.

Or they could have been the result of a phishing campaign. There are a range of tactics, techniques and procedures (TTPs) for credential harvesting used by threat actors (hackers).

Typically initial access brokers obtain the credentials and sell them to other criminals and sometimes provide a small set for free so potential buyers can validate before they buy.

Speaking of TTPs that’s what is alluded to when they say initial access, which is a Tactic under the Mitre Attack framework.

https://attack.mitre.org/tactics/TA0001/

The banks response that there are systems in place to prevent use of these stolen credentials is more than just 2FA but also conditional access policies, active monitoring and cyber threat intelligence and response.

By the time this was published all identified accounts would have received forced password changes.

I have done cyber security consulting for one of the impacted banks, and I think the article is reasonably well researched but not as clear as I’d like for people unfamiliar with the topic.

[-] [email protected] 0 points 4 weeks ago

yeah was going to say, 2fa is everywhere now, that'll limit a lot of damage

[-] [email protected] 1 points 4 weeks ago

Senator Collins is going to be busy dealing with yet another crisis...

this post was submitted on 30 Apr 2025
30 points (100.0% liked)

Australian News

698 readers
15 users here now

A place to share and discuss news relating to Australia and Australians.

Rules
  1. Follow the aussie.zone rules
  2. Keep discussions civil and respectful
  3. Exclude profanity from post titles
  4. Exclude excessive profanity from comments
  5. Satire is allowed, however post titles must be prefixed with [satire]
Recommended and Related Communities

Be sure to check out and subscribe to our related communities on aussie.zone:

Plus other communities for sport and major cities.

https://aussie.zone/communities

Banner: ABC

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]