Casa > cibernético Notícias > Dyre Malware Focuses on Salesforce Credentials
CYBER NEWS

Dyre Malware Concentra-se em Credenciais Salesforce

caro, também conhecido como Dyreza e Dyranges pela Symantec, é um notório malware para perseguir credenciais bancárias. Dyre está voltada principalmente para os clientes do Bank of America e Citibank, RBS e Natwest no Reino Unido, e Ulster Bank na Irlanda. Recently it became clear that it is also menace for the Salesforce customers.
Salesforce credenciais-alvo-a-Dyre-malware

How Does Dyre Enter the User’s Computer?

The stealer of banking passwords was picked up by the malware researches, when they discovered that it could undermine SSL which protects the HTTPS sessions. It also tries to circumvent the special two factor authentication that is required by most of the European banks.

The malware experts say that the traffic is controlled by the attackers through the ‘Man in The Middle’ approach, and they get the option to read everything including the SSL traffic. Nesse caminho, Dyre can steal the credentials for many banks.

The net targets in UK were lured by fake invoice emails or phishing emails into clicking on links with malware. These links lead the victims to payroll data from the UK based software vendor Sage. In the United States, the victims received phishing emails disguised as rejected federal tax payment notifications or through messages pretending to be faxes from Epson.

How Does Dyre Affect the User’s Computer?

Dyre is a malware that resides on the infected computer, Contudo, it is not a danger for its software. The victim does not even get evidence that they are under its impact. The cyber criminals confirm that Dyre works with the browser hooking technique for Chrome, Firefox e Internet Explorer. This means that the malware collects data when the infected user makes a connection to a website that is specified in this malware.

caro: How to Reduce the Risk of Infection

Dyre is similar in function to Zeus, however the malware analysts think that it is not related to this malware. There is a way in which the users can reduce the risk of infection. They should do the following:

  • IP Range Restrictions must be active so the users are allowed to access salesforce.com only from your corporate network or VPN
  • Use SMS Identity Confirmation to ensure the login protection in cases when salesforce credentials are applied from an unidentified source.
  • Use Salesforce#, which provides an extra two-step verification layer of security.
  • Leverage SAML authentication capabilities to require that each authentication attempt is sourced from user’s network.
Avatar

Berta Bilbao

Berta é um pesquisador de malware dedicado, sonhando para um espaço cibernético mais seguro. Seu fascínio com a segurança de TI começou há alguns anos atrás, quando um malware bloqueado la fora de seu próprio computador.

mais Posts

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...