The cyber security world has been reacting to the latest developments around Dridex, with an arrest made, and the revelation that up to £20m has been stolen from UK bank accounts.
1. Jens Monrad, Systems Engineer, FireEye
"One thing that is a bit misleading is that while Dridex is responsible for stealing millions of pounds from bank accounts, the capabilities of Dridex are much more than just targeting bank accounts.
"Dridex is an information-stealing Trojan, meaning that not only is the victim at risk of losing money due to a compromised bank account, but victims, especially employees compromised with Dridex, are also putting their company at risk because Dridex can perform activities such as stealing credentials from applications, performing keystroke logging and also downloading further malicious payloads, such as backdoors."
2. Wieland Alge, General Manager EMEA, Barracuda Networks
"With the capability to harvest banking details, the threat is very direct and has already been successful in defrauding victims.
"The malware is being spread via an attachment sent out on phishing emails. These emails often appear legitimate and this makes the chances of a successful attack considerably higher and poses a risk to all organisations. With attacks being directed at personal and business email addresses, staff could fall victim whilst reading their emails at work, leaving corporate networks open to attack."
3. Darren White, VP of EMEA, Agari
"Open standards like DMARC are emerging that allow savvy businesses to combat email vulnerability and remove the risk of an infected email ever reaching the intended recipient – their customers.
"Those businesses that take this responsibility seriously and secure their email channel will soon benefit from greater consumer trust, fewer fraud losses, less operational overhead and a significantly reduced chance of their customers being victim to this latest threat."
4. David Flower, Managing Director EMEA, Bit9 and Carbon Black
"Endpoint devices such as users’ laptops are not necessarily covered by traditional anti-virus (AV), and can easily be breached by a phishing attack, as AV is rarely capable of dealing with increasingly sophisticated threats.
"As such, it’s safe to assume that most banking websites have already been breached; in these instances, it is vital to be able to limit damage by detecting attackers while in the early stages, while also being able to track the kill-chain of any successful breach back to its original point of entry."
5. Piers Wilson, head of product management, Huntsman Security
"One risk is that your business users are exposing themselves to malware, whether that malware is specifically targeted against them or the wider organisation.
"Being able to watch for, detect, analyse and understand these threats is key – whether they are threatening staff bank accounts or your corporate crown jewels."
6. Kevin Epstein, VP of Threat Operations at Proofpoint
"Dridex has been the dominant document attachment-based malware over the last year – it accounted for more than 90% of such malware, and impacted organizations of all sizes. It was not unusual to see multiple campaigns per day, many consisting of millions of emails at a time.
"Mainly designed to steal banking credentials, Dridex was distributed by multiple botnets. Proofpoint observed a complete cessation of Dridex distribution for 30 days following the recent arrest of a reported botnet administrator.
"Campaigns have resumed in the past weeks and it’s clear that Dridex isn’t over. We are back to seeing daily campaigns that distribute millions of emails."
7. George Quigley, Partner in KPMG’s Cyber Security practice
"In order for the malware to be installed, macros must be enabled in the attachments, but given that Microsoft disables this by default, users need to enable macros for the malware to be installed.
"Unfortunately many victims enable the macros and in turn allow the malware to install."
8. David Kennerley, senior manager for threat research, Webroot
"Attacks like these highlight the fact that no organisation is immune and that businesses really need to focus on educating employees. Comprehensive security systems are the first step, but prevention through knowledge is the key to stemming the onslaught of attacks we are seeing.
"Remember the delivery mechanism for Dridex is a simple email with a macro-enabled attachment – as old school as it gets!"
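Several of the comments above (Quigley, Kennerley) come back to the same delivery mechanism: an Office attachment that only does harm once the user enables macros. The following is an added example, not code from the article or any vendor quoted in it, showing how a mail gateway or triage script can flag attachments that carry a VBA project before the "Enable Content" prompt ever reaches a user; the sample attachments are constructed in memory and the legacy-OLE check is a first-pass substring filter, not a full parser.

```python
import io
import zipfile

# OLE2 compound-file magic used by legacy .doc/.xls attachments.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Literal markers that commonly survive inside a VBA project (module
# attribute lines, and the UTF-16LE stream name in the OLE directory).
VBA_MARKERS = (b"Attribute VB_", "_VBA_PROJECT".encode("utf-16-le"))


def has_vba_macro(data: bytes) -> bool:
    """Return True if the attachment bytes appear to carry a VBA project."""
    if data.startswith(b"PK\x03\x04"):
        # OOXML: a vbaProject.bin part means macros, whatever the file is
        # called (a .docm renamed to .docx still carries the part).
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(n.endswith("vbaProject.bin") for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    if data.startswith(OLE_MAGIC):
        # Legacy binary Office: a substring scan is a cheap first filter;
        # a full check needs an OLE/VBA parser such as oletools' olevba.
        return any(marker in data for marker in VBA_MARKERS)
    return False


def build_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container, with or without a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed macro bytes")
    return buf.getvalue()


def triage(attachments: dict) -> list:
    """Names of attachments a gateway should hold for review."""
    return [name for name, data in attachments.items() if has_vba_macro(data)]


if __name__ == "__main__":
    samples = {  # constructed sample attachments, not real Dridex lures
        "invoice.docm": build_ooxml(with_macro=True),
        "report.docx": build_ooxml(with_macro=False),
        "order.doc": OLE_MAGIC + b"\x00" * 16 + b'Attribute VB_Name = "ThisDocument"',
    }
    print("hold for review:", triage(samples))
```

Holding flagged attachments is only a gate; the user-education point the commenters make still applies to anything that slips through.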