14 DAY TRIAL // St. Louis Federal Reserve initiated a password reset procedure on its systems after falling victim to a cyber-attack in April that caused visitors to reach fraudulent web pages set up by hackers.
The attackers did not compromise any of the systems managed by the financial institution but breached the network of a DNS (domain name system) vendor used by the bank for routing traffic to the correct web servers.
Hackers directed visitors to fake Federal Reserve pages
In a notification sent to its customers on Monday, the organization says that, on April 25, hackers changed the IP addresses for the name servers pointing to machines that redirected the connection “to rogue webpages they created to simulate the look of the St. Louis Fed’s research.stlouisfed.org website, including webpages for FRED, FRASER, GeoFRED and ALFRED.”
The modifications made by the hackers caused users to land on fake pages impersonating the legitimate content from the bank, exposing them to risks ranging from phishing to the delivery of malware.
In the alert from the bank, it is stated that the incident affects people who tried to access the aforementioned website on April 25 and that data for login attempts may have been collected by the threat actor.
Users required to change their account access passwords
A copy of the notification has been obtained by security blogger Brian Krebs, who verified its veracity with a source at a regional Federal Reserve location.
As a protective measure, the financial institution has reset the login passwords and users are now asked to change it upon trying to access the account.
FRED, FRASER and ALFRED are databases maintained by the Federal Reserve, containing different economical information, both new and historic.
GeoFRED is a service that allows users to create or customize geographical maps for the data stored in FRED (Federal Reserve Economic Data) database, which includes over 258,000 economic time series from 79 sources with banking and fiscal details, consumer price indexes, employment and population, exchange rates, GDP, interest rates and US financial data, as well as info on US trade and international transactions.