U.S. Government Warns Financial Services of Ongoing Dridex Malware Attacks

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to financial services about ongoing Dridex attacks targeting private-sector financial firms through phishing e-mail spam campaigns. A tool is designed to provide industry and users with info on current security topics and threats.

“Because actors using Dridex malware and its derivatives continue to target the financial services sector, including financial institutions and customers, the techniques, tactics, and procedures contained in this report warrant renewed attention,” CISA says.

The Dridex malware, and its various iterations, has the capability to impact confidentiality of customer data and availability of data and systems for business processes. According to industry reporting, the original version of Dridex first appeared in 2012, and by 2015 had become one of the most prevalent financial Trojans. We expect actors using Dridex malware and its derivatives to continue targeting the financial services sector, including both financial institutions and customers.

Besides encouraging security admins to configure their companies’ defense tools to detect Dridex banking Trojan activity and avoid potential attacks, CISA also provides a list of mitigation measures to reduce risks.

Ensure that your company’s firewall blocks all entry points for unauthorized users and maintain records of how normal traffic appears on your network. Therefore, it will be easier to spot unusual traffic and connections to and from your network to potentially identify malicious activity. Furthermore, ensure that your employees are Informed and educated on the appearance of phishing messages, especially those used by the hackers for distribution of malware in the past. For complete list of recommendations please click the reference link below from CISA.

Reference:

https://www.us-cert.gov/ncas/alerts/aa19-339a