View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Leadership
  2. Digital Transformation
November 2, 2015updated 28 Mar 2017 3:47pm

Dridex Shows Malware Writers are Going After the Money

UK businesses and individuals have lost an estimated £20m thanks to the latest cyber-attack.

By John Oates

The National Crime Agency warned that Dridex malware has likely infected thousands of machines in the UK. It said that several global financial institutions and a variety of payment systems were targeted.

The FBI has brought down much of the botnet behind the infection and is seeking the extradition of a Moldovan man they allege is behind the massive fraud. More arrests and extraditions are expected in the next few weeks.

Dridex itself seems to be a tweaked version of older malware called Bugat which has been in use since 2009. And it gets into systems the good old-fashioned way – by users unwittingly opening infected attachments to emails.

Then it uses keylogging software to harvest banking log-in details which are sent back to the crooks.

It was used to attempt a $999,000 wire transfer from a school district in Pennsylvania to an account in the Ukraine. A US oil company was also targeted and sent over $2m to an account in Russia.

The FBI warned: “We urge all internet users to take action and update your operating system. Ensure you have up to date security software and think twice before clicking on links or attachments in unsolicited emails”.

The attachments looked like standard Microsoft Office files, Word Docs this time, and were carefully targeted according to the FBI.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

Despite the best efforts of the police and other agencies it is unlikely that this will be last we see of such attacks. Indeed just weeks after the FBI arrests researchers at Palo Alto Network’s Unit 42 saw a fresh wave of Dridex phishing emails with the majority aimed at UK businesses.

CIOs must of course keep systems up-to-date – if you don’t you’re not going to keep your job for long.

But more importantly they must keep staff up-to-date.

The only way to protect your business is to maintain a culture with some healthy suspicion. We can be sure that the next attack will be better at avoiding spam filters, more carefully written and targeted at just the right person.

Cyber-crooks are making millions of pounds from this activity so there’s little reason for them to stop.

Staff, especially those likely to be targeted – those in finance for example – need to know the risks.

They need to know that this is not just marketing guff from anti-virus firms. There are real criminals carrying out real and lucrative crimes.

The Office of National Statistics has just started counting cyber-crimes. It reckons there were 5.1m offences of online fraud in the last year and over half led to an initial financial loss.

In comparison there were 6.5m recorded offences against property and people in England in and Wales in the same period.

So your organisation’s culture needs to be as aware of the dangers of cyber attacks as it is to locking vehicles and buildings.

The days of comical Nigerian prince emails are over. The new attackers are intelligent, informed and extremely skilled. Your staff need to be equally prepared.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.