Fujitsu issue Dridex botnet warning
August 2016 by Fujitsu
Fujitsu’s Security Operations Centre (SOC) has identified a new Dridex threat regarding the use of new botnet IDs and a targeted behaviour to infiltrate enterprise banking.
Historically arriving via the usual malicious macro-enabled documents, Dridex has been taking a backseat to Locky ransomware. However, in newly researched malware samples that have been targeting enterprise and core banking applications, Fujitsu’s SOC has identified a shift in Dridex’s payload and targets. These now include commercial banking applications and password managers such as KeePass, as well as enterprise applications and core banking applications. Additionally, new botnet IDs have been added, including 444 and 144.
Paul McEvatt, Senior Cyber Threat Intelligence Manager, UK & Ireland at Fujitsu commented on the new finding: “We’ve been monitoring the developments within Dridex for two years now, having identified some significant changes to the behaviour. This recent observation shows a growth in the behaviour and one that has branched from targeting banking sites and back office of banking and now the enterprise.”
Dridex malware, also known as Bugat and Cridex, was developed by technically skilled cyber criminals in Eastern Europe to harvest online banking details, which are then exploited to steal money from individuals and businesses around the world. Global financial institutions and a variety of different payment systems have been particularly targeted, with UK losses estimated at