What motivates online criminals? Money, of course. According to recent research by the cyber intelligence firm buguroo, spreading malicious code around the Internet pays very well. The crooks who distribute the banking Trojan Dridex make about US$800,000 for every 16,000 stolen credentials. Scaled across the number of campaigns they are able to run, that works out to over US$50 million per year.
Here’s how their illicit business works:
What exactly is Dridex? Webopedia explains:
Dridex is a strain of banking malware that leverages macros in Microsoft Office to infect systems. Once a computer has been infected, Dridex attackers can steal banking credentials and other personal information on the system to gain access to the financial records of a user.
Wondering what it looks like to be a target of a Dridex infestation?
Dridex arrives on a user’s computer as a malicious spam e‑mail with a Microsoft Word document attached. The document itself is just the lure; its text typically urges the reader to “enable content.” If the user opens the document and enables macros, a VBA macro embedded in it surreptitiously downloads and runs the Dridex banking malware, which first steals banking credentials and then attempts to generate fraudulent financial transactions.
Here’s a screenshot of one of the lure emails:
Would you open this attachment and enable the macros? Would your CFO? We know plenty of people are opening it; otherwise the criminals would have switched to another line of attack.
Your best defense is to train your people to be skeptical of unexpected emails, especially ones that ask them to enable macros. Pick up the phone and verify, or ask a co-worker to give it a second look. You could also strip such attachments from inbound email, but blocking every Word document might cause too much trouble for your business; a narrower rule is to quarantine only macro-enabled formats (.docm, .xlsm and the like) and documents that actually contain a VBA project, and to use Office’s macro security settings to block macros in files that came from the Internet.
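The narrower quarantine rule above is straightforward to implement at a mail gateway or in a triage script. The following is an added example written for this page, not code from the original post or from buguroo: it parses a raw message, walks its attachments, and flags macro-enabled Office MIME types and extensions, Office Open XML packages that carry a `vbaProject.bin` part even when they are named `.docx`, and legacy OLE binaries that would need deeper inspection. The function names, the invoice-themed lure e-mail and its attachments are all constructed here for illustration.

```python
"""Flag inbound e-mail attachments that could carry Office macros.

Added example; function names and the sample message are constructed
for illustration, not taken from the original post.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from typing import List, Optional, Tuple

# MIME types Office assigns to macro-enabled Open XML documents
MACRO_ENABLED_TYPES = {
    "application/vnd.ms-word.document.macroenabled.12",
    "application/vnd.ms-word.template.macroenabled.12",
    "application/vnd.ms-excel.sheet.macroenabled.12",
    "application/vnd.ms-powerpoint.presentation.macroenabled.12",
}
MACRO_ENABLED_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm")
# Magic bytes of the OLE2 compound file used by legacy .doc/.xls
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def ooxml_has_vba(data: bytes) -> bool:
    """True if an Office Open XML package (a zip) contains a VBA project part."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def classify_attachment(part) -> Optional[str]:
    """Return a reason string if the MIME part looks like it can carry macros."""
    filename = (part.get_filename() or "").lower()
    ctype = part.get_content_type().lower()
    data = part.get_payload(decode=True) or b""
    if ctype in MACRO_ENABLED_TYPES or filename.endswith(MACRO_ENABLED_EXTENSIONS):
        return "macro-enabled Office format"
    if ooxml_has_vba(data):
        # A .docx name or MIME type proves nothing; inspect the package itself
        return "Open XML package containing a VBA project (vbaProject.bin)"
    if data.startswith(OLE_MAGIC):
        # Legacy binary format; confirming VBA needs an OLE parser (e.g. oletools)
        return "legacy OLE document, may embed VBA; needs deeper inspection"
    return None


def flag_macro_attachments(raw_message: bytes) -> List[Tuple[str, str]]:
    """Parse a raw RFC 5322 message; list (filename, reason) for suspect attachments."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        reason = classify_attachment(part)
        if reason:
            findings.append((part.get_filename() or "<unnamed>", reason))
    return findings


# --- constructed sample data: a lure e-mail with three attachments ----------
WORD_OOXML = "vnd.openxmlformats-officedocument.wordprocessingml.document"


def build_ooxml(with_macros: bool) -> bytes:
    """Build a minimal, constructed Open XML package, optionally with a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder, not real VBA
    return buf.getvalue()


def build_sample_email() -> bytes:
    """Constructed invoice lure: one attachment hides a VBA project behind a .docx name."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "cfo@example.invalid"
    msg["Subject"] = "Invoice 4471 attached"
    msg.set_content("Please find the attached invoice. Enable content to view it.")
    msg.add_attachment(build_ooxml(True), maintype="application",
                       subtype=WORD_OOXML, filename="Invoice_4471.docx")
    msg.add_attachment(build_ooxml(False), maintype="application",
                       subtype=WORD_OOXML, filename="terms.docx")
    msg.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application",
                       subtype="pdf", filename="remittance.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in flag_macro_attachments(build_sample_email()):
        print(f"QUARANTINE {name}: {reason}")
```

Run against the constructed message, only `Invoice_4471.docx` is flagged; `terms.docx` and the PDF pass. Two caveats a practitioner would add: the Dridex-era campaigns often used legacy `.doc` files, whose VBA lives in OLE streams this script only detects by magic bytes, so hand those to a real OLE parser before releasing them; and attachments inside archives (especially password-protected ones) never reach this check at all and need their own policy.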
What are you doing to protect yourself? To detect Dridex infestations?