Criminal gangs are using a new piece of harmful malware called Dridex to steal bank account details from both individuals and businesses, the National Crime Agency is warning.

It’s been used to steal an estimated £20 million in the UK alone.

Security expert Brian Krebs, on his blog Krebs on Security, estimates that over $100 million has been stolen worldwide from banks and businesses by a cybercrime gang using the software, which is also known as Cridex and Bugat.

What to watch out for
The virus is distributed via email attachments. The email will typically seek to get the recipient to open this attachment by suggesting that an invoice or details of a payment are contained within the attachment.

When opened, the malicious software installs itself on the target computer. It can then snoop on internet traffic and steal information such as usernames and passwords with the aim of using these to compromise bank accounts.

Dridex malware used to raid bank accounts

Dridex malware used to raid bank accounts

The FBI has revealed that a 30-year-old Moldovan man, Andrey Ghinkul, was arrested on August 28 in Cyprus on suspicion of criminal conspiracy, unauthorised computer access with intent to defraud and bank fraud, among other charges in a nine-count indictment.

He allegedly ran a network of ‘zombie’ computers infected with malware that forced them to forward the virus to more people, unbeknown to the owners of the infected computers. This arrangement is known as a ‘botnet’, short for ‘robot network’.

Mike Hulett, Head of Operations at the UK’s National Cyber Crime Unit, described Dridex as a “particularly virulent form of malware”. Hulett said that further arrests are expected to be made.

The United States is seeking Ghinkul’s extradition – it estimates the loss of $10 million to Dridex-related crime within its borders.

Is it still going on?

The FBI says that action taken by the UK and USA has “substantially disrupted” the criminal operation. The arrest of Ghinkul was followed up by action taken by the Dell SecureWorks Counter Threat Unit, which was given permission to attack Ghinkul’s botnet and take it over to prevent the further dissemination of the software.

The group behind the attacks called themselves ‘Evil Corp’, possibly in reference to the hacktivist drama Mr Robot in which a large company of the same name appears. They largely attacked businesses, so it is perhaps unlikely – though not impossible – that you have been affected by it.

But the Dridex software still exists and it, or similar software, could in future be used by other criminals. It is certainly not the the only piece of malicious code that could exploit your bank account details.

If you receive emails that look at all suspicious, do not open attachments or click on links, and do not reply.

Source: BT

Leave a Reply