UK Internet users are being urged to protect themselves against a significant strain of malicious software (or malware) which has enabled criminals to steal millions of pounds from UK bank accounts.
Dridex malware, also known as Bugat and Cridex, has been developed by technically-skilled cyber criminals in Eastern Europe to harvest online banking details which are then exploited to steal money from individuals and businesses around the world. Global financial institutions and a variety of different payment systems have been particularly targeted, with UK losses already estimated at £20 million. Some members of the public may also have unwittingly become victims of the Dridex malware.
The National Crime Agency is now encouraging all Internet users to ensure they have up-to-date operating systems and anti-virus software installed on their machines to protect themselves from further cyber crime attacks.
Computers become infected with Dridex malware when users receive and open documents in seemingly legitimate e-mails. The National Crime Agency estimates that there could be “thousands” of infected computers in the UK, the majority belonging to Windows users.
Users are urged to visit the CyberStreetWise and GetSafeOnline websites, where a number of anti-virus tools are available to download to help clean up infected machines, and where they can receive advice and guidance on how to protect themselves in the future.
‘Sinkhole’ the malware
The National Crime Agency is conducting activity designed to ‘sinkhole’ the malware, stopping infected computers – known as a botnet – from communicating with the cyber criminals controlling them. This activity is in conjunction with a US ‘sinkhole’ currently being undertaken by the FBI.
The agency’s National Cyber Crime Unit (NCCU) has rendered a large portion of the botnet harmless and is now initiating remediation activity to safeguard victims. This activity is part of a sustained and ongoing campaign targeting multiple versions of Dridex and the cyber criminals behind it, who operate in hard-to-reach parts of the world.
With support from EC3 and JCAT at Europol, the Metropolitan Police Service, GCHQ, CERT-UK, the BKA in Germany, the Moldovan authorities and key private sector security partners, the National Crime Agency and the FBI are developing and deploying techniques to safeguard victims and frustrate criminal networks. This has resulted in a significant arrest (with more expected) and the worldwide disruption of a sophisticated cyber criminal network.
Members of the public are reminded they should be vigilant and not open documents in e-mails, or click on links, if they’re unexpected or if they’re unclear about the origin of messages.
If any Internet users think they have lost money through malware such as Dridex, they should report their concerns to Action Fraud and alert their respective banks.
Mitigating the damage
Mike Hulett, head of operations at the National Crime Agency’s NCCU, commented: “This is a particularly virulent form of malware. We’ve been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes. Our investigation is ongoing and we expect further arrests to be made.”
Executive assistant director Robert Anderson from the FBI added: “Those who commit cyber crime are very often highly-skilled and can be operating from different countries and continents. They can and will deploy new malware. Along with our partners, we’re alive to this threat and constantly devising new approaches to tackle cyber crime. We urge all Internet users to take action and update their operating systems.”
Anderson concluded: “Cyber criminals often reach across international borders, but this operation demonstrates our determination to shut them down no matter where they may be. The criminal charges announced would not have been possible without the co-operation of our partners in international law enforcement and the private sector. We continue to strengthen those relationships and find innovative ways in which to counter cyber criminals.”
Internet users can use the following links to access anti-virus software: