UK Internet users potential victims of “serious cyber attack” warns National Crime Agency

Dridex malware, also known as Bugat and Cridex, has been developed by technically skilled cyber criminals in Eastern Europe to harvest online banking details

Dridex malware, also known as Bugat and Cridex, has been developed by technically skilled cyber criminals in Eastern Europe to harvest online banking details

UK Internet users are being urged to protect themselves against a significant strain of malicious software (or malware) which has enabled criminals to steal millions of pounds from UK bank accounts.

Dridex malware, also known as Bugat and Cridex, has been developed by technically-skilled cyber criminals in Eastern Europe to harvest online banking details which are then exploited to steal money from individuals and businesses around the world. Global financial institutions and a variety of different payment systems have been particularly targeted, with UK losses already estimated at £20 million. Some members of the public may also have unwittingly become victims of the Dridex malware.

The National Crime Agency is now encouraging all Internet users to ensure they have up-to-date operating systems and anti-virus software installed on their machines to protect themselves from further cyber crime attacks.

Computers become infected with Dridex malware when users receive and open documents in seemingly legitimate e-mails. The National Crime Agency estimates that there could be “thousands” of infected computers in the UK, the majority being Windows users.

Users are urged to visit the CyberStreetWise and GetSafeOnline websites where a number of anti-virus tools are available to download to help clean up infected machines and receive advice and guidance on how to protect themselves in the future.

‘Sinkhole’ the malware

The National Crime Agency is conducting activity designed to ‘sinkhole’ the malware, stopping infected computers – known as a botnet – from communicating with the cyber criminals controlling them. This activity is in conjunction with a US ‘sinkhole’ currently being undertaken by the FBI.

The agency’s National Cyber Crime Unit (NCCU) has rendered a large portion of the botnet harmless and is now initiating remediation activity to safeguard victims. This activity is part of a sustained and ongoing campaign targeting multiple versions of Dridex and the cyber criminals behind it who operate in hard to reach parts of the world.

With support from EC3 and JCAT at Europol, the Metropolitan Police Service, GCHQ, CERT-UK, the BKA in Germany, the Moldovan authorities and key private sector security partners, the National Crime Agency and the FBI are developing and deploying techniques to safeguard victims and frustrate criminal networks. This has resulted in a significant arrest (with more expected) and the worldwide disruption of a sophisticated cyber criminal network.

Members of the public are reminded they should be vigilant and not open documents in e-mails, or click on links, if they’re unexpected or if they’re unclear about the origin of messages.

If any Internet users think they have lost money through malware such as Dridex, they should report their concerns to Action Fraud and alert their respective banks.

Mitigating the damage

Mike Hulett, head of operations at the National Crime Agency’s NCCU, commented: “This is a particularly virulent form of malware. We’ve been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes. Our investigation is ongoing and we expect further arrests to made.”

Executive assistant director Robert Anderson from the FBI added: “Those who commit cyber crime are very often highly-skilled and can be operating from different countries and continents. They can and will deploy new malware. Along with our partners, we’re alive to this threat and constantly devising new approaches to tackle cyber crime. We urge all Internet users to take action and update their operating systems.”

Anderson concluded: “Cyber criminals often reach across international borders, but this operation demonstrates our determination to shut them down no matter where they may be. The criminal charges announced would not have been possible without the co-operation of our partners in international law enforcement and the private sector. We continue to strengthen those relationships and find innovative ways in which to counter cyber criminals.”

Internet users can use the following links to access anti-virus software:

*F-Secure: https://www.f-secure.com/en/web/home_global/online-scanner

*McAfee: http://www.mcafee.com/uk/downloads/free-tools/stinger.aspx

*Microsoft: http://www.microsoft.com/security/scanner/en-us/default.aspx

*Sophos: https://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx

*Trend Micro: https://www.trendmicro.com/en_us/forHome/products/housecall.html

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts