May 16, 2016 (LBO) – The corporate website of Commercial Bank of Ceylon was hacked, with its data posted online on May 12 by a hacking group which also posted data of several banks in Asia and the Middle East, a report said.
The group called Bozkurtlar, with apparent Turkish ties, hacked data from five South Asian banks and posted it on May 10. It also dumped data online from UAE-based InvestBank on May 7 and data from Qatar National Bank on April 26, the Bank Info Security site reported.
Commercial Bank of Ceylon said it had taken corrective steps and no sensitive customer data or valuable passwords were lost due to the intrusion. The files contain the contents of the corporate website of the Commercial Bank of Ceylon, a researcher said, adding no customer data or payment card information was apparently exposed in the incident.
The dump appears to have occurred in October of last year, and the compromise may have taken place before that.
The attackers appear to have compromised the bank’s systems using a SQL injection attack and uploading a Web Shell – a script that enables remote administration – onto the bank’s PHP server, Bank Info Security reported.
This conclusion is drawn from the presence of artifacts from the hack in the data dump, including logs and files that indicate where the SQL injection was used and where the Shell was injected.
Many have been questioning the motives of the Bozkurtlar attackers, given the lack of any hacktivist message, announcement or reports of attempts at blackmail.
In addition to the Commercial Bank of Ceylon attack, the Havij advanced SQL injection tool was apparently used in the attacks against Kathmandu, Nepal-based Sanima Bank and Dhaka, Bangladesh-based Dutch Bangla Bank.
The Qatar National Bank breach also involved an SQL injection and Web Shell combination, but it remains unclear if it involved the Havij tool.
The automated SQL injection tool has gained a lot of popularity with cybercriminals and white hat researchers alike because of the ease with which SQL injection attacks can be launched – literally at the click of a button – greatly reducing the effort and expertise required to launch such attacks, the report said.