A number of U.K.-based financial institutions were hit by a wave of banking malware delivered via phishing email campaigns, Threatpost reported.
Last year, Dridex was reported as one of the most dangerous variants of financial malware in circulation. According to Flashpoint, the malware is back this year with new techniques to bypass security and steal user data.
Phishing for Financial Credentials
The Trojan is designed to steal banking credentials, targeting customers of financial institutions via spam campaigns using real company names in the sender address and email copy. Many of these emails are disguised as invoices, receipts and orders, according to Symantec.
In the newest attacks detected in late January and last December, small phishing and spear-phishing email campaigns are targeting U.K. financial institutions. The email messages contained attachments with embedded macros that infect users with Dridex.
Although macros are disabled by default by Microsoft, the malware has still proved successful in the U.K. because the documents carry instructions that social engineer users into enabling macros, while other email campaigns contained obfuscated macros, according to Threatpost.
The attacks have also been using a new technique that can bypass Windows User Account Control (UAC) on fully patched and previous Windows versions, as detailed in a technical analysis by Flashpoint. In this attack, Dridex is able to alter Windows System32 directories to give itself the highest possible privileges, whitelisting itself as a trusted application so it can run silently on targeted PCs.
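Because the Dridex campaigns described above ride on Office attachments with embedded macros, a mail gateway can hold such attachments for review before a user ever sees the "enable content" prompt. The following is an added example, not code from the original article or from any vendor named in it: it inspects an attachment's bytes for a VBA project inside an OOXML package (.docm/.xlsm) and flags legacy OLE2 binary documents, which need deeper parsing to confirm macros. The sample documents it builds are constructed placeholders, not real files.

```python
import io
import zipfile

# OOXML (.docx/.docm/.xlsm) packages store VBA code in a dedicated part
# and declare it in [Content_Types].xml.
VBA_PART_SUFFIX = "vbaProject.bin"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
# Legacy binary Office files (.doc/.xls) use the OLE2/CFB container; this
# simple check treats every such file as needing review rather than
# parsing its streams.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def macro_indicators(data: bytes) -> list:
    """Return the reasons an Office attachment should be held for review."""
    reasons = []
    if data.startswith(OLE2_MAGIC):
        reasons.append("legacy OLE2 document (may contain VBA)")
        return reasons
    if not data.startswith(b"PK\x03\x04"):
        return reasons  # not an OOXML/zip container; nothing to inspect here
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if any(n.endswith(VBA_PART_SUFFIX) for n in zf.namelist()):
                reasons.append("embedded VBA project part")
            try:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            except KeyError:
                ctypes = ""
            if VBA_CONTENT_TYPE in ctypes:
                reasons.append("content type declares a VBA project")
    except zipfile.BadZipFile:
        reasons.append("corrupt or truncated Office container")
    return reasons


def build_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal OOXML package for demonstration (hypothetical, not a real document)."""
    ct = ('<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
          '<Default Extension="xml" ContentType="application/xml"/>')
    if with_macro:
        ct += '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
    ct += "</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder\x00")
    return buf.getvalue()
```

A gateway that holds anything returning a non-empty list will quarantine both the macro-enabled OOXML attachment and the legacy .doc format used by many of these campaigns, while letting plain .docx files through.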
Financial Information Security Tips
How can you and your users protect your financial organization against malware infection? Here are a few preventative measures:
- Keep your security software and all device software, including operating systems, plugins, browsers, etc., up to date. Out-of-date software runs a higher risk of being compromised through known, publicly reported vulnerabilities. Learn more about Trusted Devices.
- Don't open or click on suspicious-looking emails; send them to your security or IT team.
- Never ever enable macros on any Microsoft Office document attachment that asks you to enable it.
- Use two-factor authentication to protect access to your online banking applications and all other logins. If your credentials are compromised via phishing or malware, an online criminal can't successfully log into your accounts without possessing your physical device to complete the second factor and verify your identity.
Learn more about how financial organizations can comply with data security regulations in their industry and protect access to their financial information by visiting Securing Access to Financial Data.