
NCA warns UK of serious cyber attack on financial companies

Hackers target global financial institutions and payment systems with Dridex malware, with UK losses estimated at £20m, warns the National Crime Agency (NCA)

The UK National Crime Agency (NCA) has issued a warning about a “significant strain of malware” that has enabled criminals to steal millions of pounds from UK bank accounts.

Dridex malware – also known as Bugat and Cridex – is believed to have been developed by technically skilled cyber criminals in eastern Europe to harvest online banking details.

The stolen details are then exploited to steal money from individuals and businesses around the world.

Global financial institutions and a variety of different payment systems have been particularly targeted, with UK losses estimated at £20m.

The NCA said some private individuals may also have unwittingly become victims of the Dridex malware. The agency is encouraging all internet users to ensure they have up-to-date operating systems and antivirus software installed on their machines, to protect themselves from further cyber crime attacks.

Internet users are also urged to visit the CyberStreetWise and GetSafeOnline websites, where a number of antivirus tools are available to download to help clean up infected machines, and where they can get advice and guidance on how to protect themselves in the future.

Anyone who thinks they have lost money through malware such as Dridex should report their concerns to Action Fraud and alert their respective banks, the NCA said.

Computers typically become infected with Dridex malware when users receive and open documents in seemingly legitimate emails.

The NCA said there could be thousands of infected computers in the UK, most belonging to Windows users.

Authorities act to counter Dridex threat

The National Crime Agency is acting to "sinkhole" the malware, stopping infected computers – known as a botnet – from communicating with the cyber criminals controlling them. This activity is in conjunction with a US sinkhole operated by the FBI.

According to the NCA, the agency’s National Cyber Crime Unit (NCCU) has rendered a large portion of the botnets harmless and is now initiating remediation activity to safeguard victims.

This activity is part of a sustained and ongoing campaign targeting multiple versions of Dridex and the cyber criminals behind it, who operate in parts of the world that are hard to reach.

The FBI and the NCA – with the support of the European Cyber Crime Centre (EC3) and the Joint Cybercrime Action Taskforce (JCAT) at Europol, the Metropolitan Police Service, GCHQ, Cert-UK, Germany’s Federal Criminal Police Office (BKA), the Moldovan authorities and key private sector security partners – are developing and deploying techniques to safeguard victims and frustrate criminal networks.

“This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes,” said Mike Hulett, head of operations at the NCCU. “Our investigation is ongoing and we expect further arrests to be made.”


1 comment


Cyber awareness by employees is a critical component of all organisations' cyber defences. You are only as strong as your weakest link and that weakness can often be attributed to your employees who unwittingly click on a malicious link or spreadsheet.

By rolling out training programmes, organisations will heighten employees' awareness of how phishing attacks work and how to spot them if they do make it through the anti-malware. The next step is to have a reporting process in place so that all employees are aware of what the current threat looks like so that no one clicks on that link or opens that spreadsheet. This is one component of an overall robust cybersecurity programme that companies should be considering. They should also take a risk-based approach to their cybersecurity programmes. A good place to start in understanding your current state of readiness is a cybersecurity risk assessment, which will give you an understanding of your key data assets, risk profile and maturity level in terms of implementation. Using this as a guide will help organisations identify gaps and put in place a sound plan to secure funding and implement the controls.

Lisa Toth, US Head of Risk, Compliance and Regulation at Hatstand