In conjunction with #OpIcarus2018, hacker “SHIZEN” of Pryzraky has launched a series of web attacks and DDoS against central banks worldwide. Chief among them was an attack on the Central Bank of the Bahamas, which was downed for well over 24 hours between the dates of December 12th to 14th, 2018. As of 9 a.m. Friday morning the banks official website appears to be back up and running again, but the sites administrators have had to install Cloudflare just to make this happen.
Upon investigating the website further, the sites theme manager and developer, Thyme Online, has still yet to even install an active SSL certificate for the website and its front-end still suffers from a lack of basic and fundamental security measures. According to their web page, the Central Bank of the Bahamas currently manages over 55 million dollars in assets, but it remains unclear how much a financial impact the latest cyber attack has had on their business.
According to SHIZEN, “The Central Bank Of Bahamas it’s an easy target, the website is protected by Cloudflare but as long as the DDoS doesn’t exceed the 1 TBPS limit. I have attacked with a Python Script named: http://leet.py & http://blastaered.pl The website has been taken down for 28 hours before it was changed over to Cloudflare, now if you make an check-host you can see an error “503 (Service Temporarily Unavailable)”, the website works because he have changed the Cloudflare, so I think I’ll try to take down it with an IRC Botnet or an MIRAI next.” Rogue Security Labs has reached out to the Bahamas Central Bank for comment on the incident, but as of December 15th 2018 the bank has declined to respond.
Website Hit: hxxp://centralbankbahamas.com
American Bank Proxy: 220.127.116.11
Target Behind Cloudflare: 18.104.22.168