Banking Malware Tip: Don’t Kill The Goose

Dridex: A History of Evolution by Nikita Slepogin.

From the post:

The Dridex banking Trojan, which has become a major financial cyberthreat in the past years (in 2015, the damage done by the Trojan was estimated at over $40 million), stands apart from other malware because it has continually evolved and become more sophisticated since it made its first appearance in 2011. Dridex has been able to escape justice for so long by hiding its main command-and-control (C&C) servers behind proxying layers. Given that old versions stop working when new ones appear and that each new improvement is one more step forward in the systematic development of the malware, it can be concluded that the same people have been involved in the Trojan’s development this entire time. Below we provide a brief overview of the Trojan’s evolution over six years, as well as some technical details on its latest versions.

Compared to the 2015 GDP of the United States at ~$18 trillion, the ~$40 million damage from Dridex is a rounding error.

The Dridex authors are not killing the goose that lays golden eggs.

Compare the WannaCry ransomware attack, which provoked a worldwide, all hands on deck response, including Microsoft releasing free patches for unsupported software!

Maybe you can breach an FBI file server and dump its contents to Pastebin. That attracts a lot of attention and is likely to be your only breach of that server.

Strategy is as important in cyberwarfare as in more traditional warfare.

Comments are closed.