The National Crime Agency has warned that UK internet users should protect themselves against Dridex, a significant strain of malicious software which has cost victims in the region of £20 million so far.
Ronnie Tozakowski, senior researcher at PhishMe has offered @DFMag the following insight:
“The challenge for all of us is that attackers constantly tweak their malware to avoid detection. We’ve been monitoring Dridex, as well as numerous other banking malware and trojans, and each new iteration is designed to evade anti-virus, sandboxing, and other detection technologies. One example: back in March, even though Dridex was known malware at the time, we identified a variant that was not being flagged as malicious by any of the anti-virus programs. Another sandbox evasion technique they included needed user input to ‘push the button’. Even once it had been downloaded, detection was grim, as just five out of 57 AV vendors were picking up on it, making it very difficult to detect.
“For Dridex and other banking trojans, bypassing security defences is child’s play. One of the best ways to stop these attacks is to catch them early in the delivery phase, as this will hinder the attackers’ operations. Trained users are instrumental in early detection, and a person who can correctly identify a majority of phishing attacks is an asset to security, particularly if your organisation has a programme in place to gather user reports of suspicious emails. These employee-sourced reports provide the incident response (IR) team and security operations analysts with the information needed to rapidly respond to potential phishing attacks and mitigate the risk from those that may fall prey to them. Organisations should capitalise on the users that can become active human sensors and act like informants for the IR teams.”