Banking Malware Trends Q1/Q2
SecurityScorecard Releases First Major Research Report for 2015
Update: Although a major portion of Dridex has been taken down recently by the FBI, researchers are reminding organizations that there is an underground economy for botnets that offer this level of stealth. There is little doubt that Dridex, and new versions of it, are being circulated.
“Think of it this way: When Zeus was taken down by Microsoft, that didn’t eliminate the Zeus botnet,” said Chief of Research for SecurityScorecard, Alex Heid. “It is a commercial kit that is sold and resold. Takedowns affect big players, but anyone who hasn’t made it on the radar is still up and running.”
Research About Banking Malware, Including Dridex
Led by our Chief of Research, Alex Heid, SecurityScorecard releases its first research report: The Current State of Banking Malware. The report dives into three specific banking malware variants for the first two quarters of 2015, but more importantly, it reinforces the strength of the Zeus family of malware, which has been in circulation since 2007. SecurityScorecard sinkholes have identified a rising threat trend for credential-based, wire-transfer bank fraud within the following malware classifications: Dridex, Bebloh, and TinyBanker.
SecurityScorecard’s research and development team has analyzed banking malware and discovered distinct patterns of obfuscation and multiple, evolving malicious code bases. The top three banking malware families being captured are all direct variants of Zeus, or mimic Zeus-like functionalities. These malware attacks are the preferred method of obtaining stolen credentials, especially when traditional attacks on web applications or network-based attacks are being monitored by internal security teams.
UPDATE: A stealthy Dridex campaign has been discovered that targets accountants and evades the majority of antivirus tools, according to SC Magazine.
Make Third-Party Partners, Vendors and Suppliers More Aware of Banking Malware
Organizations still need to raise the bar on security awareness and security education training for employees to help limit the damage from employee-targeted attacks via spam and spear phishing. Additionally, all companies that use wire transfer or automated clearinghouses (ACH) need to make employees and third-party partners more mindful of the existence of banking malware and help them understand its potential to harm the bottom line. Security awareness and education, however, may not be enough. There are tools on the market that can give you the visibility and proactive remediation options to close the loop with partners, suppliers, and all third parties affected by banking malware.
Banking malware continues to catch the attention of security researchers as attack styles continue to evolve. Dyre received much attention in late 2014 and 2015. It has also caught the attention of financial media organizations, such as The Street. Dyre malware, which SecurityScorecard’s research and development team observed in our proprietary sinkholes for this Q1/Q2 report, has shown a 125% increase in attacks quarter over quarter, according to Trend Micro.