Posted on Jun 28, 2015
Update: Although a major portion of Dridex has been taken down recently by the FBI, researchers are reminding organizations that there is an underground economy for botnets that offer this level of stealth. There is little doubt that Dridex, and new versions of it, are being circulated.
"Think of it this way: When Zeus was taken down by Microsoft, that didn't eliminate the Zeus botnet," said Chief of Research for SecurityScorecard, Alex Heid. "It is a commercial kit that is sold and resold. Takedowns affect big players, but anyone who hasn't made it on the radar is still up and running."
Led by our Chief of Research, Alex Heid, SecurityScorecard releases its first research report: The Current State of Banking Malware. The report dives into three specific banking malware variants for the first two quarters of 2015, but more importantly, it reinforces the strength of the Zeus family of malware, which has been in circulation since 2007. SecurityScorecard sinkholes have identified a rising threat trend for credential-based, wire-transfer bank fraud within the following malware classifications: Dridex, Bebloh, and TinyBanker.
Download the report.
SecurityScorecard’s research and development team has analyzed banking malware and discovered distinct patterns of obfuscation and multiple, evolving malicious code bases. The top three banking malware families being captured are all direct variants of Zeus, or mimic Zeus-like functionalities. These malware attacks are the preferred method of obtaining stolen credentials, especially when traditional attacks on web applications or network-based attacks are being monitored by internal security teams.
UPDATE: A stealthy Dridex campaign has been discovered that targets accountants and evades the majority of antivirus tools, according to SC Magazine.
Organizations need to keep raising the bar on security awareness and security education training for employees, to help limit the damage from employee-targeted attacks via spam and spear phishing. Additionally, all companies that use wire transfers or automated clearinghouses (ACH) need to make employees and third-party partners more mindful of the existence of banking malware, and of its potential to harm the bottom line. Security awareness and education, however, may not be enough. There are tools on the market that can give you the visibility and proactive remediation options to close the loop with partners, suppliers, and all third parties affected by banking malware.
Banking malware continues to catch the attention of security researchers as attack styles continue to evolve. Dyre has received much attention in late 2014 and 2015. It has also caught the attention of financial media organizations, such as The Street. Dyre malware, which SecurityScorecard's research and development team observed in our proprietary sinkholes for this Q1/Q2 report, has shown a 125% increase in attacks quarter over quarter, according to TrendMicro.