Dridex – security threat horrifying the world
Do you remember the times when the biggest danger to your money was losing your ID card? Well, those times are long gone, and now we are faced with real threats. Let us introduce Dridex.
What is it?
Dridex (a.k.a. Bugat or Cridex) is a piece of malware that invades banking systems, allowing hackers to spy on customers’ accounts and steal millions from them. It was first discovered by security researchers in 2014.
How can you be affected?
It isn’t hard to fall into Dridex’s web – the only thing you must do is open a seemingly normal email. ‘Seemingly’ is the key word here, since unfortunately it contains viruses that track your activities, eventually get your personal details and exploit them.
What should companies do to keep safe?
Dominik Samociuk, one of our security experts at Future Processing, shared a few tips that may prove helpful for staying ahead of hackers and outsmarting them.
- Think about the Dark Web
The Dark Web is nothing else but the content of the World Wide Web that exists on darknets. It is a set of websites that are publicly visible, but hide the IP addresses of the servers that run them. Therefore, they require specific software or authorization to access.
It is a good idea to get acquainted with it, because standard security procedures and security testing don’t provide knowledge of what tools hackers use or what the current trend in targeting banks and their customers is. By being familiar with dark web activity, it is possible to be prepared for attacks even months before they surface on the “real-world Internet”.
Forward awareness means that, with intelligence on dark web activity, banks could identify and assess threats, prioritise risks and arrange a mitigation plan. All of this serves to address attacks beforehand, including those that take advantage of new vulnerabilities. Through these procedures it may be possible to identify when attacks are being developed, before the actual exploitation takes place.
- Keep your plans a secret
It’s easier said than done. However, it has been reported that, as far as the Dridex case is concerned, at least a few of the attacks related to the banking industry had been discussed exclusively on the dark web before the first attempts to execute them in a real environment happened.
- Invest in security
Investing time to develop the intelligence capabilities of IT security engineers working in banks’ security departments is definitely worth considering. However, what is even more important is the fact that smaller financial institutions cannot afford to employ such educated and experienced employees. In such circumstances, it is mission-critical to have penetration tests performed by third-party companies.
The effects of the attack are now tempered. It is impossible to be fully protected from hacking attacks, since every time new security policies are introduced, hackers step up their game to get ahead. Similar malicious software emerges, and attackers are able to hit again. Constant monitoring of the situation, being threat-aware and applying our tips may be the way to go. After all, it is always better to be safe than sorry.