
Dridex banking trojan targets Australian organisations

11 Apr 2017

Proofpoint researchers have discovered a massive spike representing ‘millions of messages’ delivered by Dridex banking trojans that are targeting Australian organisations.

The Dridex trojan, and others like it, has been preying on victims to extract financial information such as banking details, credit card data and other logins. This information is then used to commit fraud.

Kevin Epstein, Proofpoint’s VP of the Threat Operations Center, says Dridex is not a new trojan.

“Dridex quickly became one of the most notorious banking Trojans in 2015 when massive email campaigns began delivering the malware to millions of recipients. By the middle of 2016, Dridex was mostly being used in smaller attacks as the threat actors behind it turned to distributing Locky in even larger campaigns. Dridex never went away – the actors using it just changed tactics.”

Proofpoint describes two emails used to deliver the trojan: one appearing to be from the Royal Australian Mint and the other from lowcostholidays.

Both emails contain double-zipped VB scripts, double-zipped executables or zipped RAR archives. When executed, the scripts download either the Dridex trojan or “Quant Loader”, which in turn downloads Dridex.

Another variant contained macros that downloaded the Dridex malware.
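The delivery chain described above relies on nested archives carrying scripts or executables. As an added example (not from the article or Proofpoint), the following mail-gateway style check walks a zip attachment recursively and flags risky member types; the sample attachments it builds are constructed placeholders, not real samples.

```python
import io
import os
import zipfile

# Member types a gateway would not normally want arriving inside an archive
# (the article names VB scripts, executables and RAR archives).
RISKY_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".exe", ".scr", ".rar"}
NESTED_ARCHIVE_EXTENSIONS = {".zip"}


def inspect_zip(data: bytes, depth: int = 0, max_depth: int = 3):
    """Return (depth, member_name) for every risky member, descending into
    nested zips. Nesting deeper than max_depth is itself treated as hostile."""
    if depth > max_depth:
        raise ValueError("archive nesting deeper than %d levels" % max_depth)
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in NESTED_ARCHIVE_EXTENSIONS:
                findings.extend(inspect_zip(zf.read(info), depth + 1, max_depth))
            elif ext in RISKY_EXTENSIONS:
                findings.append((depth, info.filename))
    return findings


def is_suspicious_attachment(data: bytes) -> bool:
    """True if the attachment is malformed, nested too deeply, or carries a
    risky member at any depth (a double-zipped .vbs is the article's case)."""
    try:
        return bool(inspect_zip(data))
    except (zipfile.BadZipFile, ValueError):
        return True


def _zip_bytes(members):
    """Build an in-memory zip from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_double_zipped_vbs() -> bytes:
    # Constructed stand-in for the "double-zipped VB script" lure: the .vbs
    # body is a harmless comment, not a real downloader.
    inner = _zip_bytes({"invoice.vbs": b"' placeholder, constructed sample\r\n"})
    return _zip_bytes({"invoice.zip": inner})


def build_benign_zip() -> bytes:
    return _zip_bytes({"report.pdf": b"%PDF-1.4 constructed placeholder"})
```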

Epstein believes the attackers behind the trojan could be picking up steam again, particularly as the campaigns have targeted Australia, the UK and France.

“We haven’t observed any malware campaigns of this size in 2017 – given a number of similarities to previous Locky and Dridex campaigns, it appears that these threat actors’ sending infrastructure is returning to full operation. It remains to be seen what that means for high-volume malware campaigns in the coming months.”

The company says organisations that use business banking accounts are particularly at risk from trojans, as losses can run to millions of dollars. With that much at stake, information security managers should be concerned.

“While we have seen the pendulum swing this year towards smaller-scale attacks and campaigns, often with higher degrees of targeting and personalisation, the re-emergence of multi-million message campaigns suggests that organisations may now need to cope with a combination of strong social engineering, a wide range of malware, and high-volume spray-and-pray campaigns,” Epstein says.
