In the past several months the infamous Dyre Banking Trojan has gone silent, with security researchers reporting new infections dropping to single digits. Researchers suspect that a raid on a film distribution and production company in Moscow may have captured the cybercriminals responsible for the Dyre Banking Trojan. The death of Dyre may be good news to cybersecurity experts, but what keeps us up at night is the question of “What malicious software will take the place of Dyre?” As it turns out, there are a number of malicious programs queued up and ready to attack.
The details of the Moscow raid, as reported by Reuters, are murky; from the article you get the impression that no one knows for sure what happened, and no one in a position of knowledge is talking about the raid or who may have been captured. Reuters could not find a direct link between the raid on the film company, named 25th Floor, and the almost complete shutdown of the Dyre virus. According to Reuters, a number of people were questioned, but no information was shared regarding arrests or criminal charges. There is no evidence that the film company has been implicated in any wrongdoing. Hackers who target Western financial institutions are rarely pursued in Russia, so the November 2015 raid could be a potential landmark case.
Did the Russians Actually Act Against Cybercriminals?
Even though there is no direct evidence linking the Russian raid to the Dyre virus, security experts agree the timing of the raid and the quick death of Dyre are not coincidental. “We have seen a disruption over the last few months that is definitely consistent with successful law enforcement action,” said cybercrime expert John Miller of U.S.-based security firm iSight Partners, who had no knowledge of specific arrests. Security experts agree that the quick decline of the Dyre virus isn't cause for celebration. As we reported in a previous article, we detected the Dyre Trojan on our customer’s network in late December of 2015, so Dyre may be down, but it’s not completely out. Regardless of the state of the Dyre virus, now is not the time to breathe a sigh of relief and become complacent. There are a number of banking Trojans in the wild, and I’d like to highlight a few that have the potential to infiltrate your network and siphon money from your bank account. With hundreds of banks already targeted, there's a chance cybercriminals already have their sights on your account and may be a few clicks away from sending your money to their accounts overseas. It’s up to you to protect yourself and your bank account since banks and insurance companies are working to limit their liability in these attacks. Let me introduce you to just a few to be on the lookout for in 2016.
2016 Looks to be a Great Year for Cybercriminals!
2016 looks to be a banner year for cybercriminals. The bounty expected to be stolen by these criminals is estimated to exceed $600 billion this year, eclipsing the $570 billion worldwide drug trade. Some of the tools used to steal American dollars will include the banking Trojans already attacking customers worldwide, such as Sphinx, Dridex, Gozi, Tinba, and Shifu.
“This is actually a business opportunity for already established banking botnet operations,” say Bureau and Khandhar with the firm SecureWorks. “We do expect other cybercriminal groups might increase the size of their operation to fill in the gap left by Dyre's decline.”
The Rise of Banking Trojans
The Gozi and Dridex banking botnets are in a good position to capitalize on Dyre's decline. Both are widely deployed and target the financial services industry. At WatchPoint, we believe these two could become aggressive enough to take over the business that Dyre leaves behind. Another banking Trojan to be on the lookout for is called Tinba. This Trojan was not considered a major threat until recently, but it has been spreading rapidly and is now considered the sixth most widely deployed banking malware. Tinba was introduced in 2012 as a banking Trojan configured to steal user credentials and capture network traffic. In 2014 its source code was leaked, and three more variants of Tinba have been identified since then.
Unfortunately, banking Trojans are like terrorists. If you kill the leader, a new one just pops up to take its place. The cybercriminals of today are using readily available hacking tools that can be purchased easily on the dark web. Stopping these cybercriminals on your own is an impossible task, and that is why WatchPoint has partnered with Carbon Black, using advanced endpoint protection to detect and isolate any threat to your network. The forensic experts at WatchPoint guarantee we will stop any attack within the “Golden Hour.” This is the first hour of a cyber-attack, and it is crucial to have a forensic expert with a clear head and a well-thought-out plan to identify and isolate any threats. This can make or break any forensic investigation, and it’s important to get it right the first time. Don’t get stuck scrambling after a cyber-attack; by then it’s too late. Inquire today to see how a partner like WatchPoint can secure and protect your network from the next generation of cybercriminals.
With WatchPoint's Security Solution you will:
Know someone is securing your business.
Have true visibility into your digital assets.
Have a support staff dedicated to safeguarding your network.