¡¡ BancoEstado

RuneTheChookcha
Rank: Chile Forum Citizen
Posts: 2130
Joined: Thu Aug 07, 2008 3:02 pm
Location: Valparaíso (...a "World Heritage Site")

Re: ¡¡ BancoEstado

Post by RuneTheChookcha » Tue Sep 08, 2020 4:39 pm

"Ransomware Payday: Average Payments Jump to $178,000"

{ source: bankinfosecurity ~ August 18, 2020 }

https://www.bankinfosecurity.com/blogs/ ... 000-p-2932
perdimonocle-19

fraggle092
Rank: Chile Forum Citizen
Posts: 2120
Joined: Fri Mar 28, 2008 6:35 pm
Location: In Chile

Re: ¡¡ BancoEstado

Post by fraggle092 » Tue Sep 08, 2020 7:25 pm

A typical malware delivery mechanism - the phishing mail.
Got this one twice today.
Account details obscured, just in case they happen to be real.

phishmail.png
Welcome to Chaqueteo City.

After me, the flood

admin
Site Admin
Posts: 22320
Joined: Sat Aug 26, 2006 11:02 pm
Location: Frutillar, Chile

Re: ¡¡ BancoEstado

Post by admin » Wed Sep 09, 2020 6:46 pm

Few years back a friend with a small hotel / restaurant called me in a panic. His computer was locked up. I generally don't offer to fix other people's computers anymore; especially windows computers. As I was going to have dinner there anyway, I told him I would take a look.

Yea, it was ransomware. Yea, it encrypted his whole drive. I and another friend in town that was a computer expert took a crack at it. It was an old computer, so there was a small chance that the ransomware was also old. The early ones had very bad encryption. Many have been cracked or had other flaws discovered in them.

Well, in my friend's case, no luck. However, when we looked at the code of the ransomware, we discovered it had been probing the network looking for network attached backups, cloud backups, and any files that might be a backup. It was also trying to map and traverse the network. In my friend's case, it was just one old computer by itself; but, the ransomware had the potential to raise all sorts of hell inside a larger network.

The moral to that story is pull your backups to the backup computer, rather than push your backups to the backup computer.

After that I implemented a few extra changes to my network security setup. Even though it is highly unlikely to happen, I thought best to assume it could happen. Someone might get creative one day and come up with a working linux version of ransomware that can get beyond simply screwing with the home directory of a user.

Even though we run an all unix network, I still try to practice good backup and security hygiene. I don't even allow windows computers to connect as a guest to my wifi network. I pull my backups from the computer being backed up to the backup server, making it impossible for an infected computer to ever access the backup computer.

I also don't let any of the computers on my network talk to each other directly. There is simply no reason for it. Data exchange between employees happens on centralized servers I can control and monitor. None of that windows file sharing crap.

Someone might get lucky and hack one, but they are not going to be able to own the whole network simply by getting into one. I treat each computer as if it was a hostile network, not to be trusted by the rest. Firewalls, inside firewalls. Incompatible protocols, ports, and encrypted traffic inside my own network; as if they were all out in the wild.

I also still physically remove a hot swap drive from my server every few days, with incremental hourly and daily backups. It lives in my go bag next to my flashlight and other emergency items. Stops ransomware, hackers, and if we ever have to evacuate in an emergency, I could get our entire business back up and running in a few hours once we reach a safe place.
Spencer Global Chile: Legal, relocation, and Investment assistance in Chile.
For more information visit: https://www.spencerglobal.com

From USA and outside Chile dial 1-917-727-5985 (U.S.), in Chile dial 65 2 42 1024 or by cell 747 97974.
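
The pull model described in the post above, sketched as an added example (it is not the poster's own setup): the backup server holds the only SSH key and reads from each client, while the client account can only serve read-only rsync. The host names, paths, the `backup` account and the key file name are assumptions, and `rrsync` (the restriction script shipped with rsync) is assumed to be on the client's PATH.

```shell
#!/bin/sh
# Pull-based backups: this script runs ON THE BACKUP SERVER.
# Clients hold no credentials for the server, so a compromised client
# has nothing it can use to reach or overwrite the snapshots.

BACKUP_ROOT="${BACKUP_ROOT:-/srv/backups}"  # assumed snapshot store
RSYNC="${RSYNC:-rsync}"                     # set RSYNC=echo for a dry run
PULL_KEY="${PULL_KEY:-/root/.ssh/backup_pull_ed25519}"  # assumed key path

# Emit the line to install in ~backup/.ssh/authorized_keys ON EACH CLIENT.
# "restrict" turns off pty allocation and all forwarding; the forced
# command limits the key to read-only rsync of a single directory.
client_authorized_keys_line() {
    # $1 = directory the server may read, $2 = server's public key
    printf 'restrict,command="rrsync -ro %s" %s\n' "$1" "$2"
}

# Pull one snapshot from a client into BACKUP_ROOT/<host>/<stamp>.
# Files unchanged since the previous snapshot are hard-linked, which
# keeps hourly and daily increments cheap.
pull_snapshot() {
    # $1 = client host name, $2 = timestamp label for this snapshot
    host="$1"
    stamp="$2"
    dest="$BACKUP_ROOT/$host/$stamp"
    latest="$BACKUP_ROOT/$host/latest"

    mkdir -p "$BACKUP_ROOT/$host" || return 1

    # Under rrsync the remote path is relative to the forced directory.
    "$RSYNC" -a --delete --numeric-ids \
        --link-dest="$latest" \
        -e "ssh -i $PULL_KEY -o BatchMode=yes" \
        "backup@$host:./" "$dest/" || return 1

    # Point "latest" at the snapshot just taken for the next run.
    ln -sfn "$dest" "$latest"
}
```

On the first run `--link-dest` points at a path that does not exist yet; rsync warns and performs a full copy.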

eeuunikkeiexpat
Rank: Chile Forum Citizen
Posts: 8242
Joined: Fri Sep 01, 2006 1:38 am
Location: Megalith of unknown origin near my digs, south V Region coast

Previred payments

Post by eeuunikkeiexpat » Sat Sep 12, 2020 12:02 pm

Anyone else experiencing problems paying their FONASA via BancoEstado? Currently getting error 537c when trying to access Previred pagos on the BE site. Anyone try the app?
There are two ways to be fooled.

One is to believe what isn't true;

the other is to refuse to believe what is true.

- Søren Kierkegaard

fraggle092
Rank: Chile Forum Citizen
Posts: 2120
Joined: Fri Mar 28, 2008 6:35 pm
Location: In Chile

Re: ¡¡ BancoEstado

Post by fraggle092 » Fri Sep 18, 2020 8:59 am

This was what their home page showed yesterday, for a while.
eihvukrwoaesd8w.jpeg

Although the incident was resolved, shortly before 09:50 the bank's website was down.
Twenty minutes later it was still not operational.

https://www.biobiochile.cl/noticias/eco ... nica.shtml

admin
Site Admin
Posts: 22320
Joined: Sat Aug 26, 2006 11:02 pm
Location: Frutillar, Chile

Re: ¡¡ BancoEstado

Post by admin » Fri Sep 18, 2020 10:39 am

When I run into ransomware on a computer, I immediately start looking for signs of other activities.

Ransomware makes a fine distraction for other trojan horse activity. Say collecting data and sending it out of the network, while destroying logs and other fingerprints.

It is like setting off a nuclear bomb, to cover the shot of a sniper.

RuneTheChookcha
Rank: Chile Forum Citizen
Posts: 2130
Joined: Thu Aug 07, 2008 3:02 pm
Location: Valparaíso (...a "World Heritage Site")

Re: ¡¡ BancoEstado

Post by RuneTheChookcha » Fri Sep 18, 2020 1:59 pm

admin wrote:
Mon Sep 07, 2020 2:30 pm
Seems it encrypted their data, probably ransomware....
admin wrote:
Mon Sep 07, 2020 2:37 pm
If the systems were setup correctly, that should have been little more than a system reboot...
If only that would be that simple... They [BancoEstado] had to reinstall from scratch on a good number of machines, I believe.

At the end of 2019 I hosted an unimportant site there:

Ransomware attack on SmarterASP.NET impact 440,000 customers...
https://www.cybersecurity-insiders.com/ ... customers/

The recovery was long, painful, nightmarish, and with shitloads of, say, "abusive language" from customers.

That was a bit of a disaster for the host... "el estado de catástrofe".

admin
Site Admin
Posts: 22320
Joined: Sat Aug 26, 2006 11:02 pm
Location: Frutillar, Chile

Re: ¡¡ BancoEstado

Post by admin » Sun Sep 20, 2020 8:05 am

So seems terribly odd that the department of homeland security would issue an emergency upgrade order for windows servers. There is what they call a "zero day" attack, that is literally using a bunch of zeros to escalate to full admin privileges. I have not gone and looked at this in detail yet, mostly because I consider windows to be a trojan horse the moment it is turned on. No need to install extra features.

https://www.forbes.com/sites/daveywinde ... -says/amp/

Did I say already, anyone using windows inside a bank should be shot?

Well, just in case. It is worth repeating.

I keep a few old copies of windows in a box in my office. A cardboard box, at the bottom of my closet. They probably have some major vulnerability sitting there in the plastic case unopened.

fraggle092
Rank: Chile Forum Citizen
Posts: 2120
Joined: Fri Mar 28, 2008 6:35 pm
Location: In Chile

Re: ¡¡ BancoEstado

Post by fraggle092 » Wed Sep 23, 2020 5:54 pm

Re the recent attack, they now believe that Bank personnel working from home on unsecured or infected devices was how the baddies got into the system. Given that remote networking must have been set up very quickly, it's not surprising that safety precautions were overlooked. But a Bank should have been at least aware of the implications of allowing insecure external devices onto its networks. That's what thin clients and diskless workstations are for.
Wonder if they have closed all these potential back doors yet...
"There is a high probability that this was a human error, the product of something nobody was very prepared for, which was basically teleworking, because many people take their equipment or computers home and can be the target of phishing, clicking on a wrong link, which would have been detected at the bank, but not necessarily at home," he said.
https://www.df.cl/noticias/mercados/bol ... 03420.html

admin
Site Admin
Posts: 22320
Joined: Sat Aug 26, 2006 11:02 pm
Location: Frutillar, Chile

Re: ¡¡ BancoEstado

Post by admin » Thu Sep 24, 2020 10:13 am

The whole thing just screams "amateur hour"!!!!

When the pandemic came along, we told everyone to work from home. Grab a printer and extra ink cartridges if you need it.

It had zero impact on our workflow or security, because we have been working remotely for years with all the associated security set up years ago. We have employees that have been working from home for over 10 years. We also have been set up to work remotely from anywhere in the world. We work from the back of a horse in Patagonia, or a beach in the Caribbean all the same.

But the number one thing we have is a network that is secured. It is designed from the ground-up to stop data flowing the wrong way. There is no opportunity. I believe networks should be designed more like water pipes in a house than traditional 'networks'. Hot water. Cold water. Waste water. None of them need to mix, except under very controlled conditions, and none of them should contaminate the other water lines in the network. Waste water should never be allowed to contaminate your hot water.

tiagoabner
Rank: Chile Forum Citizen
Posts: 1166
Joined: Sat Mar 04, 2017 9:48 am
Location: Concón

Re: ¡¡ BancoEstado

Post by tiagoabner » Thu Sep 24, 2020 11:51 am

The issue is those who have the technical know-how rarely get to "manglement" positions, especially in government-run enterprises. It takes a certain "ball-licking" mindset to rise in most corporate environments, and that usually comes with a "convenience first, safety second" mindset. Why would you put your Chilean bank employees through the hassle of using a safe network when you can have them do their thing the way they've been doing already? I mean, there is a reason this wasn't the first breach in Chilean banking, and it most likely won't be the last. The mindset simply isn't there.
I'm NOT your lawyer, accountant or financial planner. All information at this post should be considered for your entertainment only. Consult a professional before making a decision regarding whatever topic was mentioned in this post.

admin
Site Admin
Posts: 22320
Joined: Sat Aug 26, 2006 11:02 pm
Location: Frutillar, Chile

Re: ¡¡ BancoEstado

Post by admin » Thu Sep 24, 2020 2:37 pm

Well, they also had Microsoft come in and "consult" a couple of years ago after the last big bank breach. I am sure they were told everything is just fine. Keep buying our shitty insecure operating system and servers.

Couple of years ago I helped set up some brand new HP windows computers at a friend's office. Every 5 to 10 years I forget I don't do windows and get talked into helping someone out with one. NOTHING HAS CHANGED AT MICROCRAP IN 40+ years.

We had 4, new, in the box computers. They even had consecutive serial numbers and licenses. About as exactly the same as you can get. I unpacked and configured them the same (i.e. clicked exactly the same buttons, at the exact same time, to hopefully get exactly the same settings). All four had completely different configurations. How the hell do you secure an OS that is just lying to you about what it is doing?

Later, I was configuring the network and ran into a bunch of problems. Pulled out a network scanner / packet monitor. Those same 4 computers were crapping all over the network, sending data to who knows who, for no particular reason, trying to form unauthorized connections to anything they could talk to, on, and on, and on. The network was not even connected to the internet, but they sure were trying hard to "share" with the whole world.

Those computers had been turned on for less than an hour, and they had gone AWOL. I finally had to isolate them on their own firewalled segment, just to shut them up so I could see what else was going on in the rest of the network. Every single one of those packets those computers sent, I view as a built-in security threat; because hackers and virus writers sure view them as a gift that keeps on giving.
