
Dridex Malware Raids £20m From UK Bank Accounts

Tom Jowitt is a leading British tech freelancer and long-standing contributor to TechWeek Europe

Not as bad as Zeus? Bank accounts are being looted worldwide in malware attack, authorities warn

A sophisticated new piece of malware that harvests the online banking details of both consumers and businesses around the world has prompted an official warning from the National Crime Agency (NCA).

The NCA said the malware, called Dridex, is also known as Bugat and Cridex. It originates in Eastern Europe (Moldova) and is thought to be responsible for losses of £20 million in the UK alone.

International Fight

Dridex is reportedly being actively fought by law enforcement and security agencies around the world, including GCHQ, the FBI, CERT-UK (the UK's Computer Emergency Response Team), the NCA and Europol. German and Moldovan authorities are also involved.

“Some members of the public may also have unwittingly become victims of the Dridex malware and the National Crime Agency is encouraging all internet users to ensure they have up to date operating systems and anti-virus software installed on their machines, to protect themselves from further cyber crime attacks,” warned the NCA.

The NCA said that Microsoft Windows computers become infected with Dridex when users receive and open documents attached to seemingly legitimate emails. The malware reportedly records the login and password details used to access online banking services and sends them to the attackers, who then use the credentials to steal from the victims' bank accounts.
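The attachment vector described above is the point at which a mail gateway or an analyst can intervene before any credentials are captured. The script below is an added example, not code from the article, the NCA or Dell SecureWorks: it triages an email attachment by container type and flags zip-based Office (OOXML) documents that carry an embedded VBA macro project, since macro-laden Office documents were the usual Dridex lure (that detail is general knowledge about Dridex rather than something the article states). The documents it inspects are constructed in the script itself; none of them is a sample of the real malware.

```python
import io
import zipfile

# Legacy binary Office files (.doc/.xls) are OLE2 compound files and start with this header.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def build_ooxml(with_macro: bool, app: str = "word") -> bytes:
    """Build a minimal, constructed OOXML container for demonstration (not a real document).

    An OOXML file (.docx/.xlsx/.pptx and their macro-enabled variants) is a zip archive;
    a VBA project, when present, is stored as a binary part such as word/vbaProject.bin.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr(f"{app}/document.xml", "<doc/>")
        if with_macro:
            # A real vbaProject.bin is itself an OLE2 compound file; the header suffices here.
            zf.writestr(f"{app}/vbaProject.bin", OLE2_MAGIC + b"\x00" * 24)
    return buf.getvalue()


def triage_attachment(data: bytes) -> str:
    """Classify an attachment by container type and presence of a VBA project.

    Returns one of:
      'ooxml-macro'  zip-based Office file carrying a vbaProject.bin part
      'ooxml-clean'  zip-based Office file with no VBA project part
      'ole2-legacy'  legacy binary Office file; any macros live inside the compound
                     file and need an OLE parser (e.g. oletools) to inspect
      'other'        neither container; handle according to local policy
    """
    if data.startswith(OLE2_MAGIC):
        return "ole2-legacy"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "other"
    if "[content_types].xml" not in names:
        return "other"  # a zip, but not an OOXML package
    # Match the part name regardless of the application directory (word/, xl/, ppt/).
    if any(n.endswith("/vbaproject.bin") for n in names):
        return "ooxml-macro"
    return "ooxml-clean"


def is_risky(data: bytes) -> bool:
    """Demo policy: block macro-bearing OOXML and hold legacy binary files for review."""
    return triage_attachment(data) in ("ooxml-macro", "ole2-legacy")


if __name__ == "__main__":
    samples = (
        ("macro .docm", build_ooxml(True)),
        ("plain .docx", build_ooxml(False)),
        ("legacy .doc", OLE2_MAGIC + b"\x00" * 504),
        ("text file", b"Dear customer, please see the attached invoice"),
    )
    for label, blob in samples:
        print(f"{label:12s} -> {triage_attachment(blob):12s} risky={is_risky(blob)}")
```

The check looks at the package structure rather than the file extension, because a renamed `.docm` or a spoofed extension still carries its `vbaProject.bin` part inside the zip. Legacy OLE2 files are deliberately routed to a separate verdict rather than declared clean, since this script does not parse the compound file format.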

Worried users are being urged to visit the CyberStreetWise and GetSafeOnline websites, where anti-virus tools can be downloaded to clean up infected machines, along with advice and guidance on staying protected in future.

The NCA said that it is working with the FBI to 'sinkhole' the malware, redirecting the traffic of infected computers (the botnet) so that they can no longer communicate with the cyber criminals controlling them. A large part of the botnet has been rendered harmless by the National Cyber Crime Unit (NCCU).

A "significant" arrest has already taken place, with more arrests expected, said the NCA.

“This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes. Our investigation is ongoing and we expect further arrests to be made,” said Mike Hulett, Head of Operations at the National Crime Agency’s National Cyber Crime Unit (NCCU).

As Bad As Zeus?

“Those who commit cyber crime are very often highly-skilled and can be operating from different countries and continents,” said Executive Assistant Director Robert Anderson from the FBI. “They can and will deploy new malware and we, along with our partners, are alive to this threat and are constantly devising new approaches to tackle cyber crime.

“We urge all internet users to take action and update your operating system,” said Anderson. “Ensure you have up to date security software and think twice before clicking on links or attachments in unsolicited emails”.

Security researchers with Dell SecureWorks' Counter Threat Unit (CTU) have also teamed up with the FBI, the NCA and the Shadowserver Foundation to take down the Dridex botnet.

Dell SecureWorks said that the Dridex botnet operators and their affiliates had targeted customers of countless financial institutions, large and small (banks, credit card companies and popular online payment services), in 27 different countries.

“The takedown of the Gameover Zeus botnet in June 2014 as part of Operation Tovar left a void in the cybercriminal community, particularly for those targeting financial institutions,” said Brett Stone-Gross of Dell SecureWorks’ Counter Threat Unit.

“To fill this gap, threat actors created new botnets, including Dridex and Dyre,” said Stone-Gross. “CTU researchers have observed a significant overlap in the tactics, techniques, and procedures (TTPs) between Gameover Zeus and both Dridex and Dyre, indicating that previous affiliates had moved on to new botnet business ventures and were continuing to carry out their fraudulent activities. However, neither Dridex nor Dyre has been able to rival the sophistication, size, and success of Gameover Zeus.”
