{"id":15108,"date":"2015-10-19T16:59:10","date_gmt":"2015-10-19T16:59:10","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=4658"},"modified":"2020-02-26T11:03:33","modified_gmt":"2020-02-26T16:03:33","slug":"dridex-down","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/dridex-down\/15108\/","title":{"rendered":"A botnet behind Dridex is down, one less thieving malware"},"content":{"rendered":"<p>Any bank workers here? Cross one off of your list of banking malware \u2013 Dridex <a href=\"https:\/\/threatpost.com\/law-enforcement-shuts-down-dridex-operation\/115036\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">is no more.<\/a><\/p>\n<p>Dridex is a sophisticated banking Trojan that steals online banking credentials from victims worldwide.<\/p>\n<p>\u201cAs is typical for many banking Trojans, Dridex enters the PC through an infected email and attachment or, in some cases, an infected Word document; these are rife in this type of attack,\u201d said David Emm, Kaspersky Lab\u2019s Principal Security Researcher, Global Research &amp; Analysis Team. \u201cEssentially, this gives hackers a backdoor to conduct espionage, data exfiltration and remote control. Like a bug, once in the system, hackers can move around the system until they find their point of interest. 
Ultimately, this means they can extract any data useful to them.\u201d<\/p>\n<p>Dridex, also known as Bugat and Cridex, has been a bit more successful than its counterparts: estimated losses are somewhere between $10 million and \u00a320 million (~$31 million).<\/p>\n<p>According to US law enforcement agencies, the passwords stolen by Dridex were used to fraudulently transfer funds from victimized accounts to money mules who laundered the money for the criminals.<\/p>\n<p>In late August, a 30-year-old Moldovan individual by the name of Andrey Ghinkul was arrested in Cyprus for the alleged development and distribution of the malware. While there was apparently a whole gang behind Dridex, the malware\u2019s activities experienced a sharp drop almost immediately.<\/p>\n<p>And now, thanks to a joint effort between the FBI, the US Department of Justice, the UK National Crime Agency and a number of other European law enforcement agencies and technology companies, its infrastructure \u2013 i.e. the botnet \u2013 <a href=\"http:\/\/www.justice.gov\/opa\/pr\/bugat-botnet-administrator-arrested-and-malware-disabled\" target=\"_blank\" rel=\"noopener nofollow\">has been blasted as well<\/a>.<\/p>\n<p>\u201cIt is vital that we all take responsibility and remain extra vigilant of any suspect activity, reporting it immediately for the fight against cybercrime,\u201d David Emm says.<\/p>\n<p>There are a number of recommendations for home and business users to prevent attacks from banking or any other kind of malware:<\/p>\n<p>\u2013 Make sure that your systems and all software are up to date. 
Hackers also watch updates closely and seek to exploit newly announced flaws ASAP.<br>\n\u2013 Don\u2019t click on suspicious emails and links unless their source can be verified. Phishers can be extremely resourceful these days.<br>\n\u2013 Make sure your passwords are strong and stored safely.<\/p>\n<p>\u201cExploiting vulnerabilities in our passwords is a top priority for hackers and they are therefore often our first line of defense when it comes to protecting online transactions,\u201d David Emm says. \u201cWe need to make sure any passwords are changed and that we never use the same username and password on several different sites, as this is key to giving cybercriminals easy access to bank and e-commerce accounts.\u201d<\/p>\n<p>It is advisable to have a fully featured IT security solution (such as Kaspersky Lab\u2019s business security products) deployed, ensuring protection against malware (banking or any other), phishing attempts, exploits, and other cyberthreats. 
For more information, visit <a href=\"https:\/\/www.kaspersky.com\/business-security\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Lab business security<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A botnet behind Dridex, a sophisticated banking malware stealing credentials of online bank accounts worldwide, is down.<\/p>\n","protected":false},"author":209,"featured_media":15507,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[2057,2345,80,2300],"class_list":{"0":"post-15108","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-banking-malware","10":"tag-dridex","11":"tag-fraud","12":"tag-takedown"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/dridex-down\/15108\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/dridex-down\/15011\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/dridex-down\/15108\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/dridex-down\/15108\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/banking-malware\/","name":"banking 
malware"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15108","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=15108"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15108\/revisions"}],"predecessor-version":[{"id":33581,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/15108\/revisions\/33581"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15507"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=15108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=15108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=15108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}