The National Crime Agency warned that Dridex malware has likely infected thousands of machines in the UK. It said that several global financial institutions and a variety of payment systems were targeted.
The FBI has brought down much of the botnet behind the infection and is seeking the extradition of a Moldovan man they allege is behind the massive fraud. More arrests and extraditions are expected in the next few weeks.
Dridex itself seems to be a tweaked version of older malware called Bugat which has been in use since 2009. And it gets into systems the good old-fashioned way – by users unwittingly opening infected attachments to emails.
Then it uses keylogging software to harvest banking log-in details which are sent back to the crooks.
It was used to attempt a $999,000 wire transfer from a school district in Pennsylvania to an account in the Ukraine. A US oil company was also targeted and sent over $2m to an account in Russia.
The FBI warned: “We urge all internet users to take action and update your operating system. Ensure you have up to date security software and think twice before clicking on links or attachments in unsolicited emails”.
The attachments looked like standard Microsoft Office files, Word Docs this time, and were carefully targeted according to the FBI.
Despite the best efforts of the police and other agencies it is unlikely that this will be last we see of such attacks. Indeed just weeks after the FBI arrests researchers at Palo Alto Network’s Unit 42 saw a fresh wave of Dridex phishing emails with the majority aimed at UK businesses.
CIOs must of course keep systems up-to-date – if you don’t you’re not going to keep your job for long.
But more importantly they must keep staff up-to-date.
The only way to protect your business is to maintain a culture with some healthy suspicion. We can be sure that the next attack will be better at avoiding spam filters, more carefully written and targeted at just the right person.
Cyber-crooks are making millions of pounds from this activity so there’s little reason for them to stop.
Staff, especially those likely to be targeted – those in finance for example – need to know the risks.
They need to know that this is not just marketing guff from anti-virus firms. There are real criminals carrying out real and lucrative crimes.
The Office of National Statistics has just started counting cyber-crimes. It reckons there were 5.1m offences of online fraud in the last year and over half led to an initial financial loss.
In comparison there were 6.5m recorded offences against property and people in England in and Wales in the same period.
So your organisation’s culture needs to be as aware of the dangers of cyber attacks as it is to locking vehicles and buildings.
The days of comical Nigerian prince emails are over. The new attackers are intelligent, informed and extremely skilled. Your staff need to be equally prepared.
