October 19, 2015

A botnet behind Dridex is down, one less thieving malware

Business

Any bank workers here? Cross one off of your list of banking malware – Dridex is no more.

Dridex is a sophisticated banking malware stealing credentials of online bank accounts worldwide.

“As is typical for many banking Trojans, Dridex enters the PC through an infected email and attachment, or in some cases, an infected word document are rife in this type of attack,” said David Emm, Kaspersky Lab’s Principal Security Researcher, Global Research & Analysis Team. “Essentially, this gives hackers a backdoor to conduct espionage, data exfiltration and remote control. Like a bug, once in the system, hackers can move around the system until they find their point of interest. Ultimately, this means they can extract any data useful to them.”

Dridex, also known as Bugat and Cridex, has been a bit more successful than its counterparts: estimated losses are somewhere between $10 million and £20 million (~$31 million).

According to US law enforcement agencies, the passwords stolen by Dridex were used to fraudulently transfer funds from victimized accounts to money mules who laundered the money for the criminals.

In late August, a 30-year-old Moldovan individual by the name Andrey Ghinkul was arrested in Cyprus for the alleged development and distribution of the malware. While  there was apparently a whole gang behind Dridex, the malware’s activities experienced a sharp drop almost immediately.

main

And now thanks to a joint effort between the FBI, US Department of Justice, UK National Crime Agency and a number of other European law enforcement and technology companies, it’s infrastructure – i.e. botnet – has been blasted as well.

“It is vital that we all take responsibility and remain extra vigilant of any suspect activity, reporting it immediately for the fight against cybercrime,” David Emm says.

There is a number of recommendations for home and business users to prevent attacks from banking or any other kind of malware:

– Make sure that your systems and all software are up to date. Hackers also watch updates closely and seek to exploit newly announced flaws ASAP.
– Don’t click on suspicious emails and links, unless their source can be verified. Phishers can be extremely resourceful these days.
– Make sure your passwords are strong and kept safely.

“Exploiting vulnerabilities in our passwords is a top priority for hackers and they are therefore often our first line of defense when it comes to protecting online transactions,” David Emm says. “We need to make sure any passwords are changed and that we never use the same username and password on several different sites, as this is key to giving cybercriminals easy access to bank and e-commerce accounts.”

It is advisable to have a fully-featured IT security solution (such as Kaspersky Lab’s business security products) deployed, ensuring protection against malware (banking or any other), phishing attempts, exploits, and other cyberthreats. For more information kindly visit here.