A strain of malware called Dridex has been making Eastern European cybercriminals a significant amount of money in recent years. But a spanner has been thrust into their machinations by a global law enforcement action announced today that saw one significant arrest and an attempt to dismantle the crook’s infrastructure.
Dridex, otherwise known as Bugat and Cridex, was spread far and wide via spam emails. Once Dridex was planted on a PC, it waited for users to log in to their online banking site and injected code onto the site to switch in a login form connected to the criminals’ infrastructure. From there, the hackers siphoned off usernames and passwords and subsequently people’s money.
The UK has been one of the biggest targets of the Dridex hackers, also known as Evil Corp, with as much as £20 million ($30 million) lost. The FBI said at least $10 million in direct loss domestically could be attributed to Dridex. Given nearly 30 countries were targeted, the likely intake of Evil Corp is beyond $50 million.
But their successes might be at an end. The FBI and the Brits’ National Crime Agency set up “sinkhole” operations, whereby they poisoned the Dridex peer-to-peer network of infected machines to cut off victims’ PCs from the botnet masters. More importantly, the US Department of Justice announced 30-year-old Andrey Ghinkul, also known as Smilex, was arrested in Cyprus this August on suspicion of being the administrator of the Dridex botnet. The US is seeking his extradition.
“This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes. Our investigation is ongoing and we expect further arrests to made,” said Mike Hulett, head of operations at the National Crime Agency’s National Cyber Crime Unit (NCCU).
A wide range of law enforcement partners were involved in the sinkhole operation, including the UK spy agency GCHQ, Europol, the Metropolitan Police Service in London, the BKA police service in Germany and Moldovan authorities. Security firms Dell SecureWorks, Fox-IT and S21sec, as well as non-profits Abuse.ch, the Shadowserver Foundation and Spamhaus, all helped take down Dridex.
The Dridex owners were brazen in their escapades. In one case in 2011, according to the US indictment, Ghinkul and his unnamed co-conspirators tried to transfer $999,000 from the Sharon, Pennsylvania, City School District’s account at First National Bank to an account in Kiev, Ukraine, using stolen credentials. On three separate occasions, the hackers tried to pilfer funds from Penneco Oil, from Delmont, PA, according to the charges, including successful thefts of $2,158,600 and $1,350,000.
In recent months, the Dridex masterminds ramped up their operation, increasing the number of spam messages containing links to the malware. Users have been advised to run a quality anti-virus to stop Dridex and similar threats ending up on their PC. Microsoft Windows users appear to be the only ones affected by Dridex.
“Through a technical disruption and criminal indictment we have struck a blow to one of the most pernicious malware threats in the world,” said U.S. Attorney David Hickton of the Western District of Pennsylvania.
Evil Corp?
The Evil Corp crew, as the hackers allegedly named themselves, had close ties to the Gameover Zeus cybercriminal operation, who earned at least $100 million over the last decade after carrying out not dissimilar crimes. A $3 million reward is on offer for information on the Gameover Zeus mastermind Slavik, real-name Evgeniy Bogachev. His infrastructure was also dismantled.
The FBI’s Wanted poster for the owner of the Gameover Zeus cybercrime ring. It’s believed Slavik’s crew spawned the Dridex ‘Evil Corp’ cybercriminal operation.
It’s believed Evil Corp was a spin-off of the Business Club, Slavik’s elite club of hackers, according to Fox-IT, a Dutch security team involved in the Dridex investigations. “The Dridex gang called themselves EvilCorp. They were engaged with numerous other criminal groups and with other operations like credit card theft. Some of their breaches required quite some skills and diligence. It’s a relatively large group, so we’re eager to learn what effect the indictments will have over the coming weeks and months,” said Franc Ruiz, a senior member of Fox-IT’s InTELL team.
original post is posted by forbes
To view the original post go to this link
0 comments:
Post a Comment