As the world spent much of May fixated on the WannaCry ransomware attack, it was easy to overlook the fact that there was an entire world of malware going about its business and thriving. It is unfair to fault anyone for the attention given to WannaCry, given that it sits on the nexus of NSA hacking, Microsoft vulnerability and general international intrigue; objectively, WannaCry is riveting. There was decidedly less fanfare and excitement that greeted the revival of Dridex; an online banking malware that steals online banking credentials and financial data by infiltrating a victim’s PC. During June alone, CYBONET, a provider of cyber security solutions to the SMB/E space, observed a dramatic rise in Dridex attacks being stopped by CYBONET’s systems worldwide.
The Dridex Strategy, Simple Yet Effective
Dridex (see a screenshot below taken from a CYBONET PineApp Mail Secure system) succeeds by luring users to open attachments from emails with simple Subjects (e.g. ‘Invoice’), from legitimate sounding businesses and with familiar sounding attachments.
The Dridex Macro
These attachments, when clicked, immediately begin a set of macros (a set of automated tasks initiated by a single command or ‘click’) that initiate Dridex. Since its first appearance in November 2014, Dridex has historically targeted employees in banking/financial institutions, having evolved from another online banking malware called Cridex.
Once executed, Dridex is able to initiate actions such as:
- Uploading and downloading files
- Taking screenshots of the browser and ultimately stealing personal and financial information
- Monitoring network traffic
- Taking over a user's other online accounts; screenshots providing Personally Identifiable Information (PII) and stolen login credentials make an individual vulnerable to privacy violations
Stay Vigilant, Educate and Plan
As mid-market and smaller businesses struggle to keep up with the emerging and, in the case of Dridex, re-emerging threats inundating networks around the world, it is becoming increasingly clear how ill prepared many organizations continue to be. While media attention helps to temporarily focus business owners, broader preparation and recognition of the daily threats that are facing their organizations remains a critical priority.