Story image

Dridex banking trojan targets Australian organisations

11 Apr 17

Proofpoint researchers have discovered a massive spike representing ‘millions of messages’ delivered by Dridex banking trojans that are targeting Australian organisations.

The Dridex trojan — and others like it — have been preying on victims in order to extract financial information such as banking details, credit card data and other logins. This information is then used to conduct fraudulent activities.

Kevin Epstein, Proofpoint’s VP of the Threat Operations Center, says Dridex is not a new trojan.

“Dridex quickly became one of the most notorious banking Trojans in 2015 when massive email campaigns began delivering the malware to millions of recipients. By the middle of 2016, Dridex was mostly being used in smaller attacks as the threat actors behind it turned to distributing Locky in even larger campaigns. Dridex never went away – the actors using it just changed tactics.”

Proofpoint describes two emails used to hide the trojan: One appearing to be from the Royal Australian Mint and the other from lowcostholidays.

Both emails contain double-zipped VB scripts, double-zipped executables or zipped RAR achives. When executed, the scripts downloaded either the Dridex trojan or “Quant Loader”, which then downloaded Dridex.

Another type contained macros to download the Dridex botnet.

He believes the attackers behind the malware trojans could be picking up steam again, particularly as the Trojan attacks have targeted Australia, the UK and France.

“We haven’t observed any malware campaigns of this size in 2017 – given a number of similarities to previous Locky and Dridex campaigns, it appears that these threat actors’ sending infrastructure is returning to full operation. It remains to be seen what that means for high-volume malware campaigns in the coming months.”

The company says organisations that use business accounts are particularly at risk from Trojans, as there could be millions of dollars worth of losses. Information security managers should be concerned when there’s so much at stake.

“While we have seen the pendulum swing this year towards smaller-scale attacks and campaigns, often with higher degrees of targeting and personalisation, the re-emergence of multi-million message campaigns suggests that organisations may now need to cope with a combination of strong social engineering, a wide range of malware, and high-volume spray-and-pray campaigns,” Epstein says.

Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Bitdefender announces security integration with Kaseya
The new partnership will allow VSA by Kaseya’s cloud and on-premises users to deploy and manage security with Bitdefender Cloud Security for MSPs.
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.