Dridex malware drains millions from UK bank accounts

The National Crime Agency is urging users to protect themselves against cyber attacks following at least £20m losses to a cyber crime gang using Dridex banking malware.

This strand of malware is designed to steal banking credentials and allow attackers to transfer money from the victim's accounts. Victims are often infected silently by opening malicious documents or links emailed to them in a targeted phishing campaign.

James Maude, Senior Security Engineer at Avecto said this latest attack highlights the pitfalls of reactive security:

"This latest malware campaign is a perfect example of the cat and mouse game that traditional reactive security solutions play with malware authors. Dridex implements several features to avoid detection and uses peer-to-peer (P2P) communications to hide the command and control servers and evade network defences. As well as harvesting banking credentials the malware can also be used in denial of service attacks on banks where large volumes of traffic overwhelm the banks website and distract from the money being stolen. Ultimately the attackers always have the upper hand being able to evolve and bypass detection based solutions.

"In order to get ahead of the latest malware threats we need to accept that detection will fail, with AV only effective less than 50% of the time. Instead we need to move to a proactive model that is agnostic to the threats by removing admin rights to prevent easy access and control of the system and application control capable of blocking unknown payloads. Ideally unknown content from the internet should be executed in an isolated environment, this not only protects the system and users data but provides a unique context to kill and log all unwanted attempts to execute payloads."