Follow the money – that’s basically the one rule you need to apply to get to the bottom of… everything, including malware. That being said, the UK National Crime Agency (NCA) not only did follow the money but also arrested fourteen people suspected in laundering more than £11 million stolen via malware distribution. The malware pieces used in these operations are well-known throughout the dark side of the Internet – Dridex and Dyre.
How Did the Operation Take Place?
More specifically, the money was stolen after a successful infection with either piece of malware. The malware then collected the victims’ banking credentials and gave the criminals access to their bank accounts.
Once this was done, the stolen money was distributed to other bank accounts in smaller amounts. The bank accounts were primarily in the UK and in Eastern Europe. NCA officers believe the malware was developed and deployed by skilled cybercriminals in Eastern Europe, the report says.
Who Are the Criminals?
The group comprises thirteen men and one woman (some of them foreign nationals), all of whom were recently arrested in London, Daventry and West Bromwich.
The NCA says that:
They are suspected to have laundered the criminal profits through hundreds of accounts at various UK banks, using false identity documents and ‘money mules’ recruited and controlled by the crime group.
NCA officers seized cash, electronic devices for further forensic analysis, and false identity documents.
Mike Hulett, Head of Operations at the NCA’s National Cyber Crime Unit, says that Dyre and Dridex had been deployed against small and medium-sized businesses, and that the attacks were all very damaging.
Those responsible for writing, developing and deploying malware code also rely heavily on other organised criminals like money launderers, and their fraudulent proceeds can then be used to fund other criminality.
The investigation was supported by Moldovan and Romanian authorities, and by the banking industry.
Dyre, Dridex Botnets Timeline
The two operations were rattled by UK and US law enforcement multiple times. A Moldovan operator of the Dridex botnet was arrested in October 2015. Then, a month later, the operators of Dyre were also captured.
Unfortunately, disrupting the botnets is not enough, as there are other subnets operated by different teams of criminals.
In addition, a relatively new banking Trojan believed to be a close relative of the old Dyre banker was detected last month. According to researchers at Fidelis Cybersecurity, TrickBot, detected in September 2016, has a lot in common with Dyre.
How to Protect Your Money from Money-Stealing Botnets
Bearing in mind that botnets are often deployed to spread malware across many machines simultaneously, a powerful anti-malware solution is a must.
To infect users’ computers, cyber criminals rely on two techniques:
- Installing malware by exploiting software vulnerabilities or hijacking weakly protected accounts.
- Tricking you into installing malware yourself with the help of social engineering techniques.
To improve your security against these botnets, refer to the following security tips:
- Frequently update your software, operating system and browsers.
- Use strong passwords.
- Keep your firewall on. A firewall provides protection against intruders from the Internet.
- Don’t use flash drives of unknown origin.
- Revise your surfing and downloading habits and apply anti-spam filters.
- Install both anti-malware and anti-virus software. An anti-malware program keeps track of spying components and scans deep into the system. An anti-virus program searches the hard disk and removes uninvited guests.