Hackers Target 'Instant Quote' Websites


Post by frank_fpx on Wed Mar 03, 2021 2:44 am

Hackers are targeting vulnerabilities in websites offering instant quotes - especially those that provide auto insurance rates - in an ongoing campaign designed to steal consumers' information, according to an alert from the New York State Department of Financial Services.

The alert says hackers are targeting the sites to steal driver's license numbers and other personally identifiable information. The sites affected were not named.

The department first heard about the issue earlier this year and informed 12 auto insurance instant quote sites in January that they were likely targeted.

"Following that alert, six more insurers reported to DFS the malicious targeting of their auto quote websites," the state agency says. "Two of those insurers reported that the attackers failed to gain access to NPI [nonpublic information] and four reported that the attackers did gain access to NPI or that their investigation was still ongoing."

The state agency says the campaign is likely tied to efforts to steal PII to use in fraudulent attempts to apply for pandemic-related benefits and unemployment insurance.

"Notably, the concerted effort to steal NPI from New Yorkers seems to have coincided with the implementation of enhanced identity requirements to obtain pandemic benefits in New York," the alert says.

DFS did not release any information on the number of individuals who have been victimized in these attacks in New York or elsewhere.

Stealing the Data
Fraudsters are using several techniques to infiltrate systems and then steal data from the instant quote websites, the alert says.

"On the auto quote websites, the criminals entered valid name, any date of birth and any address information into the required fields," the state agency says. "The automobile insurance quote websites then displayed an estimated insurance premium quote along with partial or redacted consumer NPI including a driver’s license number. The attackers captured the full, unredacted driver’s license numbers without going any further in the process and abandoned the quote."

The alert says the hackers:

- Take advantage of vulnerabilities in the site to access unredacted PII directly from where it's stored;
- Use developer debug tools to intercept and decode unredacted PII;
- Use web browser developer tools to access the parts of the websites where the redacted data is stored;
- After requesting a quote, enter an order to purchase an insurance policy, using fraudulent payment methods, to view the policy owner's driver's license number and other information;
- Sometimes call an agent and use social engineering techniques to gain personal information.

The DFS Cyber Intelligence Unit has found complete step-by-step instructions to implement these techniques for sale on darknet forums.

Detecting an Attack
The initial telltale sign that a site is being hit with this style of attack is a spike in quote requests tied to an unusually large number of abandoned quotes taking place during a short period, the alert says.

"More broadly, regulated entities should look for any increase in consumer submissions that terminate as soon as NPI is revealed," DFS says.

If such activity is spotted, companies should check their server logs for indications of any manipulation of the website using web developer tools, state officials advise.

To help mitigate the risks, the state agency advises instant quote sites to make sure they're properly using Secure Sockets Layer, Transport Layer Security and HTTP Strict Transport Security and Hypertext Markup Language.

The state agency also suggests companies confirm that the technology they use for redaction and data obfuscation is properly implemented.
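
The detection signal described under "Detecting an Attack" (a burst of quote requests in a short period, most of which stop as soon as NPI is displayed) can be checked against application logs. The following Python example is added here and is not from the DFS alert or the article; the event names, log shape, window size and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed events: (timestamp, session id, event name). Names are assumed."""
    base = datetime(2021, 2, 1, 9, 0, 0)
    events = []
    # Ordinary traffic: 4 quotes over an hour, 3 continue past the quote page.
    for i in range(4):
        t, sid = base + timedelta(minutes=15 * i), f"normal-{i}"
        events += [(t, sid, "quote_submitted"),
                   (t + timedelta(seconds=20), sid, "npi_displayed")]
        if i != 0:
            events.append((t + timedelta(minutes=2), sid, "coverage_selected"))
    # Burst: 30 quotes in 10 minutes, every one abandoned once NPI is shown.
    burst = base + timedelta(hours=3)
    for i in range(30):
        t, sid = burst + timedelta(seconds=20 * i), f"burst-{i}"
        events += [(t, sid, "quote_submitted"),
                   (t + timedelta(seconds=2), sid, "npi_displayed")]
    return events

def session_summary(events):
    """Map session id -> (first timestamp, name of the last event seen)."""
    summary = {}
    for ts, sid, name in sorted(events):
        first = summary[sid][0] if sid in summary else ts
        summary[sid] = (first, name)
    return summary

def flag_windows(events, window=timedelta(minutes=15), min_quotes=20, min_ratio=0.8):
    """Return (window start, quotes, abandoned-at-NPI) for suspicious windows."""
    total, dropped = defaultdict(int), defaultdict(int)
    for first, last_event in session_summary(events).values():
        # Align each session's start time to a fixed-size bucket.
        bucket = datetime.min + ((first - datetime.min) // window) * window
        total[bucket] += 1
        dropped[bucket] += last_event == "npi_displayed"
    return [(b, total[b], dropped[b]) for b in sorted(total)
            if total[b] >= min_quotes and dropped[b] / total[b] >= min_ratio]

if __name__ == "__main__":
    for start, quotes, abandoned in flag_windows(build_sample()):
        print(f"{start:%Y-%m-%d %H:%M} quotes={quotes} abandoned_at_npi={abandoned}")
```

Requiring both a volume floor and a high abandonment ratio keeps a single ordinary visitor who leaves at the quote page from raising an alert.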
