Video Blog: Every Friday, we present to you the most pertinent, news-worthy stories regarding cyber safety. As we continually rely on online platforms to store our most private and vulnerable information, new techniques are in constant development in order to take advantage of this progressive landscape. Luckily, we’re here to keep you updated with the tools and trends necessary to be sure your cyber catalogues and valuable data aren’t at risk.
This Friday we sit down with Daniel Regalado to discuss the inconspicuously threatening nature of Dridex.
There are two terms with which we need to be familiar in order to understand what Dridex is and how it works:
Crimeware: A type of software used to facilitate illegal online activity.
Trojan: Just like the mythological wooden horse that started the Trojan war, a Trojan is malware wrapped in an inconspicuous package intended to lure in unsuspecting victims so that it can reach their vulnerable data.
Dridex is crimeware that uses a Trojan (usually a banking Trojan) delivered as an unassuming document (often a Microsoft Word or Excel document). Once installed, Dridex monitors browsers to detect when the user is accessing certain bank accounts, so that it can steal banking credentials and collect other valuable and vulnerable information. Dridex uses various methods to infiltrate systems. In e-mail campaigns, a carefully written message body combined with a subject line pertinent to the targets lures unsuspecting victims into opening important-looking attachments, which ask the end user to enable a macro that is then used to hack the end user's system. It also uses legitimate websites (such as Dropbox) to apply the same techniques.
The biggest concern with Dridex as a threat is that it is ever evolving, constantly changing with the times. As users become aware of its techniques, hackers find more inconspicuous means by which to breach users' systems. Because it arrives in a package as seemingly innocent as a Microsoft Word document, victims open files and enable macros without a second thought. This tactic is so inconspicuous that most anti-virus software doesn't even recognize it as a threat. Once the macro has been downloaded, the Trojan is downloaded and an encryption process is used to infiltrate the system through these seemingly harmless means.
http://www.securityweek.com/word-documents-used-distribute-dridex-banking-malware
There are a few ways in which we can battle against Dridex:
1. Check the source
a. If you are not familiar with the sender, or an invoice has gone through that you did not personally request, DO NOT OPEN the file.
2. Never execute a file coming from the internet, especially if it hasn’t been requested.
3. Never enable macros coming from the internet.
Be sure to check out our Cyber Security Malicious Software Defender Certificate to learn how to mitigate these vulnerabilities – http://www.cybertraining365.com/cybertraining/LearningPaths/Cyber_Security_Malicious_Software_Defender