NCA Warns £20 Million Dridex May Have Infected Thousands

The UK’s National Crime Agency (NCA) is warning computer users to protect themselves against notorious banking malware Dridex, which it says may have cost the country up to £20 million already.

The agency announced yesterday that its National Cyber Crime Unit (NCCU) was working with the FBI to sinkhole the malware to render the botnet harmless, and remediate to safeguard victims.

It also claimed to have made one “significant arrest” after work involving Europol, the Met, GCHQ, CERT-UK, the German BKA, the Moldovan authorities and private sector partners.

UK computer users – especially those running Windows PCs – were urged to keep operating systems up to date and ensure they have AV installed.

Dridex typically arrives in the form of a legitimate looking email links or attachments and may already have infected thousands in the UK, the NCA warned.

CyberStreetWise and GetSafeOnline websites both have advice and tools designed to offer protection and clean-up, it added.

“This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes, said NCCU head of operations, Mike Hulett, in a statement.

“Our investigation is ongoing and we expect further arrests to made.”

Avecto senior security engineer, James Maude, argued that the Dridex campaign is typical of the “cat and mouse” game between reactive security and malware authors.

"In order to get ahead of the latest malware threats we need to accept that detection will fail, with AV only effective less than 50% of the time. Instead we need to move to a proactive model that is agnostic to the threats by removing admin rights to prevent easy access and control of the system and application control capable of blocking unknown payloads,” he added.

“Ideally unknown content from the internet should be executed in an isolated environment, this not only protects the system and users data but provides a unique context to kill and log all unwanted attempts to execute payloads.”

What’s Hot on Infosecurity Magazine?