Fujitsu issue Dridex botnet warning
August 2016 by Fujitsu
Fujitsu’s Security Operations Centre (SOC) has identified a new Dridex threat: the
malware is using new botnet IDs and has adopted targeted behaviour aimed at
infiltrating enterprise banking.
Historically arriving via the usual malicious macro-enabled documents, Dridex has
been taking a back seat to Locky ransomware. However, in newly researched malware
samples that have been targeting enterprise and core banking applications, Fujitsu’s
SOC has identified a shift in Dridex’s payload and targets. The new targets include
commercial banking applications, password managers such as KeePass, enterprise
applications, and core banking applications. Additionally, new botnet IDs have been
added, including 444 and 144.
Paul McEvatt, Senior Cyber Threat Intelligence Manager, UK & Ireland at Fujitsu
commented on the new finding: “We’ve been monitoring the developments within Dridex
for two years now, having identified some significant changes to the behaviour. This
recent observation shows a growth in the behaviour and one that has branched from
targeting banking sites and back office of banking and now the enterprise.”
Dridex malware, also known as Bugat and Cridex, was developed by technically skilled
cyber criminals in Eastern Europe to harvest online banking details, which are then
exploited to steal money from individuals and businesses around the world. Global
financial institutions and a variety of different payment systems have been
particularly targeted, with UK losses estimated at £20m
<http://www.nationalcrimeagency.gov....>.