If you’re like me, you’re probably getting pretty sick of hackers, or as I prefer to call them, criminals, using their technology skills to find new and dubious ways of making our lives harder. The banking malware Dridex is currently at the top of my list of malware that infuriates me. Why? Because it just won’t go away!


Just when security experts started to believe they had a handle on how to safeguard people from Dridex, it has improved upon itself once again: it can now direct you to fake banking websites that are ready, and able, to steal all of your vital banking data.

How are they doing it?

I almost have to give these criminals a hand (I’m not going to), but I will give some credit to their craftiness on this one. The technique is called DNS (Domain Name System) cache poisoning. They use it to trick you into visiting fake banking websites that have almost the same name as, and look identical to, your real banking site!

This new technique appears to be inspired by a similar banking trojan called Dyre, which used a local proxy to accomplish the redirection. Dridex operators, however, have stepped it up a bit by creating clones of the websites of 13 U.K. banks, which have already been used in several attacks.

DNS cache poisoning is a powerful and hard-to-recognize attack, as it doesn’t rely on common red-flag tactics like browser add-ons. These fake websites will show up in your browser even if you type in the correct domain name of your bank, making it far more likely that you will land on the wrong site and, worse, enter your personal banking information once you get there. Here’s what happens once you land on one of these fake, and dangerous, sites:

  • Dridex collects all of your authentication credentials and two-factor authentication codes.
  • Your details are then sent to command-and-control servers, and verified.
  • If more of your information is needed to break into your online banking, Dridex injects new fields into the fake website to request it.
  • They then begin initiating the illicit transaction while you are delayed by the social-engineering injections on the fake site.
  • Once the information harvesting succeeds, they move your money from your account to a mule account.
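Because the redirection happens at the name-resolution layer rather than in the browser, the practical defender-side check is to compare what your machine resolves a bank domain to against what an independent resolver says, and to look for hosts-file entries that pin a bank domain to a fixed address. The script below is an added example written for this post, not code from the article or from any vendor; the hosts-file contents, the `.test` bank domains, the watch list and the IP addresses are all constructed sample data, and `resolve_local` is a hypothetical helper that a real audit would call instead of the hard-coded dictionaries used here.

```python
"""Defender-side check for local DNS overrides of banking domains.

Two independent signals are examined:
  1. hosts-file entries that pin a watched bank domain to any address
     (a public bank site should never need a static hosts entry), and
  2. disagreement between the local resolver's answer and a reference
     resolver's answer for the same domain.
"""
import ipaddress
import socket

# Constructed sample hosts file containing a suspicious override (not real data).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
# entry added by an infection (constructed example)
203.0.113.45  online.examplebank.test
203.0.113.45  www.examplebank.test
"""

# Hypothetical watch list of domains the user actually banks with.
WATCHED_DOMAINS = {
    "online.examplebank.test",
    "www.examplebank.test",
    "secure.otherbank.test",
}


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, skipping comments and junk."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])  # validates IPv4 and IPv6
        except ValueError:
            continue  # malformed line, ignore it
        for host in parts[1:]:
            entries.append((str(ip), host.lower()))
    return entries


def find_hosts_overrides(text, watched):
    """Hosts entries that override a watched bank domain, in file order."""
    return [(ip, host) for ip, host in parse_hosts(text) if host in watched]


def compare_resolutions(local, reference):
    """Domains whose local answer set shares no address with the reference answer set.

    local / reference: dict domain -> set of IP strings. Set intersection rather
    than equality is used because large sites return rotating CDN addresses; a
    complete disjunction is the signal worth alerting on.
    """
    mismatches = {}
    for domain, ref_ips in reference.items():
        loc_ips = local.get(domain, set())
        if loc_ips and not (loc_ips & ref_ips):
            mismatches[domain] = (loc_ips, ref_ips)
    return mismatches


def resolve_local(domain):
    """Hypothetical helper: addresses the OS resolver returns for a domain (live lookup)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(domain, 443)}
    except socket.gaierror:
        return set()


if __name__ == "__main__":
    # Constructed answer sets standing in for a live local lookup and an
    # out-of-band reference resolver (e.g. a DNS-over-HTTPS query).
    local_answers = {
        "www.examplebank.test": {"203.0.113.45"},
        "secure.otherbank.test": {"198.51.100.7"},
    }
    reference_answers = {
        "www.examplebank.test": {"198.51.100.20", "198.51.100.21"},
        "secure.otherbank.test": {"198.51.100.7"},
    }
    for ip, host in find_hosts_overrides(SAMPLE_HOSTS, WATCHED_DOMAINS):
        print(f"hosts override: {host} -> {ip}")
    for domain, (loc, ref) in compare_resolutions(local_answers, reference_answers).items():
        print(f"resolution mismatch: {domain} local={sorted(loc)} reference={sorted(ref)}")
```

In a real deployment the reference answers would come from a resolver the malware cannot influence (a DNS-over-HTTPS endpoint reached directly by IP, or a query from a separate clean host), and the comparison should be run from more than one reference so that a legitimately geo-distributed bank site does not trigger a false alarm.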

Dridex has proven to be a resilient foe.

Despite law-enforcement action by the U.S. and U.K. (which managed to take down part of its network last year), Dridex has been quick to recover. For a short time last month, security experts even noticed that the number of emails with Dridex-laden attachments had dropped, but it quickly resumed. For now, Dridex remains a very real and dangerous threat, so it is very important to be suspicious when your bank begins asking you for information you do not normally need to provide.

✅ Boston HelpDesk - Managed IT Services Provider in Boston specializes in comprehensive security solutions that will protect you from malware threats. Call us today at (617) 848-9393 or send us an email at info@bostonhelpdesk.com for a free security analysis of your systems and network.

Albert Najimy

When it comes to technology services and solutions, it's vital to have a knowledgeable and enthusiastic partner who can help clients achieve long-lasting growth using proven IT solutions. Our CEO, Albert, is fully dedicated to assisting clients in improving their technology to gain a competitive edge in their industries. At Boston Helpdesk, Albert Najimy leads a team of dedicated professionals who are focused on delivering exceptional IT services and solutions. With his extensive expertise and practical experience, Albert ensures that clients receive top-quality support and guidance for their IT projects. You can count on Boston Helpdesk to enhance your business systems and stay ahead in today's fiercely competitive business environment.