October 14, 2015

8 things you need to know about the Dridex UK bank hack

List: The cyber security world takes stock of the latest Dridex revelations.

By Charlotte Henry

The cyber security world has been reacting to the latest developments around Dridex, with an arrest made and the revelation that up to £20m has been stolen from UK bank accounts.

1. Jens Monrad, Systems Engineer, FireEye

"One thing that is a bit misleading is that while Dridex is responsible for stealing millions of pounds from bank accounts, the capabilities of Dridex are much more than just targeting bank accounts.

"Dridex is an information-stealing Trojan, meaning that not only is the victim at risk of losing money due to a compromised bank account, but victims, especially employees compromised with Dridex, are also putting their company at risk because Dridex can perform activities such as stealing credentials from applications, performing keystroke logging and also downloading further malicious payloads, such as backdoors."

2. Wieland Alge, General Manager EMEA, Barracuda Networks

"With the capability to harvest banking details, the threat is very direct and has already been successful in defrauding victims.

"The malware is being spread via an attachment sent out on phishing emails. These emails often appear legitimate and this makes the chances of a successful attack considerably higher and poses a risk to all organisations. With attacks being directed at personal and business email addresses, staff could fall victim whilst reading their emails at work, leaving corporate networks open to attack."

3. Darren White, VP of EMEA, Agari

"Open standards like DMARC are emerging that allow savvy businesses to combat email vulnerability and remove the risk of an infected email ever reaching the intended recipient – their customers.

"Those businesses that take this responsibility seriously and secure their email channel will soon benefit from greater consumer trust, fewer fraud losses, lower operational overheads and a significantly reduced chance of their customers being victims of this latest threat."


4. David Flower, Managing Director EMEA, Bit9 and Carbon Black

"Endpoint devices such as users’ laptops are not necessarily covered by traditional anti-virus (AV), and can easily be breached by a phishing attack, as AV is rarely capable of dealing with increasingly sophisticated threats.

"As such, it’s safe to assume that most banking websites have already been breached; in these instances, it is vital to be able to limit damage by detecting attackers while in the early stages, while also being able to track the kill-chain of any successful breach back to its original point of entry."

5. Piers Wilson, head of product management, Huntsman Security

"One risk is that your business users are exposing themselves to malware, whether that malware is specifically targeted against them or the wider organisation.

"Being able to watch for, detect, analyse and understand these threats is key – whether they are threatening staff bank accounts or your corporate crown jewels."

6. Kevin Epstein, VP of Threat Operations at Proofpoint

"Dridex has been the dominant document attachment-based malware over the last year; it accounted for more than 90% of such malware, and impacted organizations of all sizes. It was not unusual to see multiple campaigns per day, many consisting of millions of emails at a time.

"Mainly designed to steal banking credentials, Dridex was distributed by multiple botnets. Proofpoint observed a complete cessation of Dridex distribution for 30 days following the recent arrest of a reported botnet administrator.

"Campaigns have resumed in the past weeks and it’s clear that Dridex isn’t over. We are back to seeing daily campaigns that distribute millions of emails."

7. George Quigley, Partner in KPMG’s Cyber Security practice

"In order for the malware to be installed, macros must be enabled in the attachments, but given that Microsoft disables this by default, users need to enable macros for the malware to be installed.

"Unfortunately many victims enable the macros and in turn allow the malware to install."

8. David Kennerley, senior manager for threat research, Webroot

"Attacks like these highlight the fact that no organisation is immune and that businesses really need to focus on educating employees. Comprehensive security systems are the first step, but prevention through knowledge is the key to stemming the onslaught of attacks we are seeing.

"Remember, the delivery mechanism for Dridex is a simple email with a macro-enabled attachment – as old school as it gets!"
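Quotes 7 and 8 both come back to the same delivery mechanism: an Office attachment that only does harm once the recipient enables its macros. The following Python is an added example, not code from the article or from any of the vendors quoted, showing how a mail gateway or triage script can spot such attachments before delivery by inspecting the container rather than the file name. It assumes standard-library-only parsing: an OOXML file (.docm/.xlsm and friends) is a zip whose VBA code lives in a `vbaProject.bin` part, and a legacy binary Office file starts with the OLE2 magic bytes and needs a full OLE parse to say more. The sample attachments are constructed stubs, not real documents.

```python
import io
import zipfile

# Magic bytes of the legacy OLE2 compound file format (.doc/.xls); macros can hide inside.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def classify_attachment(data: bytes) -> str:
    """Coarse verdict for one attachment body:
    'macro'  - OOXML container carrying a VBA project (vbaProject.bin)
    'legacy' - OLE2 binary Office file; may carry macros, needs a full OLE parse
    'clean'  - OOXML Office container without a VBA project
    'other'  - not an Office container we recognise
    """
    if data.startswith(OLE_MAGIC):
        return "legacy"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "other"
    # Word, Excel and PowerPoint all store macros as <part>/vbaProject.bin, so the
    # container is checked rather than the extension (a renamed .docm still carries it).
    if any(n.endswith("vbaproject.bin") for n in names):
        return "macro"
    if any(n.startswith(("word/", "xl/", "ppt/")) for n in names):
        return "clean"
    return "other"


def flag_macro_attachments(attachments):
    """Names of attachments to hold for review instead of delivering to the user."""
    return [name for name, data in attachments
            if classify_attachment(data) in ("macro", "legacy")]


def _build_ooxml(parts):
    """Constructed sample: a minimal zip with the given part names (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for part in parts:
            zf.writestr(part, b"")
    return buf.getvalue()


# Constructed sample mailbox: a macro-carrying "invoice", a plain .docx, a legacy .doc stub, a text file.
SAMPLE_ATTACHMENTS = [
    ("invoice_4421.docm", _build_ooxml(["[Content_Types].xml", "word/document.xml", "word/vbaProject.bin"])),
    ("agenda.docx", _build_ooxml(["[Content_Types].xml", "word/document.xml"])),
    ("old_report.doc", OLE_MAGIC + b"\x00" * 64),
    ("notes.txt", b"just text"),
]

if __name__ == "__main__":
    for name, data in SAMPLE_ATTACHMENTS:
        print(f"{name}: {classify_attachment(data)}")
    print("hold for review:", flag_macro_attachments(SAMPLE_ATTACHMENTS))
```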
