Cyberattack: Millions Stolen From UK Bank Accounts

Uploaded on 2015-10-23 in TECHNOLOGY--Hackers, NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial

Computers become infected with the virus when users receive and open documents in seemingly legitimate emails. The National Crime Agency (NCA) is asking members of the public to be aware of a serious strain of malicious software (malware) ‘Dridex’, which is being used by criminals to access online banking details and steal money. 

The malware, developed by cyber criminals in Eastern Europe, has been used to target individuals and businesses around the world. Computers become infected when users unknowingly download the malware by opening an email attachment or clicking on a link.   

Law enforcement officials are hunting cyber attackers who have pulled off a series of Internet “heists” on British bank accounts worth at least £20m. British government ministers have been informed and the law enforcement effort involves the United Kingdom’s top-secret electronic security centre at GCHQ, as well as the UK’s national Computer Emergency Response Team (CERT), which was set up in 2014.

In the US the FBI is involved, while in Europe the police agency Europol is also helping to investigate, as well as law enforcement in Germany and Moldova where it is believed the attackers may have links to.

The virus or malware, known as Dridex, may be responsible for worldwide losses of $100m so far. The cyber criminals have used malware to gain access to people’s personal computers. The virus records the login and password details used to access internet banking services and passes it back to the attackers who then use the information to steal from bank accounts.

In the UK the National Crime Agency fears it could be one of the worst cyber-attacks they have seen. Public estimates of the losses are described as “conservative”, a NCA spokesperson said.
The NCA added: “Computers become infected with Dridex malware when users receive and open documents in seemingly legitimate emails. The NCA assesses there could be thousands of infected computers in the UK, the majority being Windows users.”

The virus so far is not believed to have infected smartphones. People are being told they can best protect themselves by boosting their computer security.
 
Mike Hulett, NCA spokesman, said: “This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes. Our investigation is ongoing and we expect further arrests to made.”

At least one arrest has been made, last month, and recently the US department of justice gave details of the arrest. It said: “Andrey Ghinkul, aka Andrei Ghincul and Smilex, 30, of Moldova, was charged in a nine-count indictment unsealed in the western district of Pennsylvania with criminal conspiracy, unauthorised computer access with intent to defraud, damaging a computer, wire fraud and bank fraud. Ghinkul was arrested on 28 August 2015 in Cyprus. The US is seeking his extradition.”
Attacks from the virus had stopped but are now feared by law enforcement to have restarted.

The NCA said that Dridex, known also as Bugat and Cridex, was created by “technically skilled cyber criminals in eastern Europe to harvest online banking details, which are then exploited to steal money from individuals and businesses around the world. Global financial institutions and a variety of different payment systems have been particularly targeted.”

FBI executive assistant director Robert Anderson: “Those who commit cyber crime are very often highly skilled and can be operating from different countries and continents. They can and will deploy new malware and we, along with our partners, are alive to this threat and are constantly devising new approaches to tackle cyber crime.
“We urge all internet users to take action and update your operating system. Ensure you have up to date security software and think twice before clicking on links or attachments in unsolicited emails.”

Law enforcement cyber experts are trying to stop the malware sending money to accounts controlled by the criminals. 

The NCA said: “Users are urged to visit the CyberStreetWise and GetSafeOnline websites where a number of anti-virus tools are available to download to help clean up infected machines and get advice and guidance on how to protect themselves in the future.”

Guardian      Cybersreetwise

 

 

 

 

 

« Australia Begins Mass Data Retention
IBM's Watson Analytics - New Data Discovery »

Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

National Cyber Security Centre (NKSC) Lithuania

National Cyber Security Centre (NKSC) Lithuania

NKSC is the main Lithuanian cyber security institution, responsible for unified management of cyber incidents, monitoring and control of the implementation of cyber security requirements.

NXP Semiconductors

NXP Semiconductors

NXP is a world leader in secure connectivity solutions for embedded applications and the Internet of Things.

National Information Security & Safety Authority (NISSA)

National Information Security & Safety Authority (NISSA)

NISSA is responsible for safeguarding the integrity, availability and resilienceof ICT infrastructure, resources, services and data in Libya.

Arete Advisors

Arete Advisors

Arete’s advisory services provide legally defensible, compliant cyber strategies that assist the C-Suite and Boards of Directors to continuously improve the organizations’ cyber posture.

GitGuardian

GitGuardian

Enable developers, ops, security and compliance professionals to enforce security policies across public and private code, and other data sources as well

Belle de Mai Incubator

Belle de Mai Incubator

Belle de Mai Incubator supports and funds innovative startup ideas in digital industries.

Diateam

Diateam

Diateam is an R&D company specializing in computer security. Diateam develops highly innovative cyber range platforms and Industry-leading systems for cybersecurity training and testing labs.

Blackbird.AI

Blackbird.AI

Blackbird.AI provides an intelligence and early-warning system to help users detect disinformation and take action against threats.