UK and US-based investigations target harmful international cyber campaigns

The US Department of Justice (DoJ) has formally charged the leader of an organised cyber criminal group for their involvement in a malicious campaign affecting Government, infrastructure, business and the public globally. UK and US-based investigations by the National Crime Agency (NCA), the FBI and the National Cyber Security Centre (NCSC) have revealed the creation and deployment of Dridex malware has caused financial losses of hundreds of millions in the UK alone.

Paul Chichester, the NCSC’s director of operations, commented: “This announcement is the result of a multi-year investigation with our law enforcement and international partners. Dridex has been targeting UK victims since at least 2014, compromising and stealing from large organisations, SMEs and the general public alike. Malware is a continuing cyber threat, but we can all reduce our risk of becoming victims to cyber criminals by ensuring that our devices are patched, anti-virus is turned on and up-to-date and files are backed up.”

Dridex is a strain of malware known as a financial trojan that has been affecting the UK since late 2014. Its victims cover Government, Critical National Infrastructure, business and the public.

Dridex infects devices through a variety of means. Frequently, this is done via malicious attachments in phishing e-mails, or it’s dropped by another piece of existing malware, for example Emotet.

Range of capabilities

Once active on a compromised computer, Dridex has a wide range of capabilities. Most commonly, it steals a user’s passwords, personal information and banking details for use in fraudulent transactions. It can do this even when web browsing would be considered otherwise secure (eg over HTTPS).

Dridex also has the capability to monitor other activity on a computer, allowing malicious actors to take screenshots and upload and download files and tools. Those responsible can use additional tools to help them move through a victim’s network.

This is of particular use when attacking businesses. Actors may choose to move on to business-critical systems, such as payroll, and deploy tools like ransomware.

Cyber criminals manage Dridex through a large system of compromised computers worldwide known as a botnet. Through this system, they’re able to pull back the stolen data and issue their commands, conducting crimes at a vast scale.

Reducing the infection risk

The NCSC has previously published guidance on how organisations can reduce their risk of malware infection.

If you think you’ve been subject to online fraud or cyber crime, contact Action Fraud at https://www.actionfraud.police.uk

The NCSC runs a commercial scheme call ‘Cyber Incident Response’, whereby certified companies provide crisis support to affected organisations. More information on how and when to report an incident to the NCSC.

Advice on how to effectively detect, respond to and resolve cyber incidents is also contained within the NCSC’s incident management guidance.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts