Reemergence of Dexter malware demonstrates need for forensic analysis services

by Charles Leaver

December 11, 2013

The stakes for securing networks against malware are high now that cybercriminals are increasingly going after large data repositories containing information such as credit card numbers. Infection could originate from a variety of vulnerable endpoints, including mobile devices or point-of-sale systems.

Recent iterations of the Dexter malware illustrate how forensics analysis services, such as the ones provided by Ziften, are key to improving network security in the long run. By gaining insight into the time and particular features of malicious incidents, companies can implement sounder endpoint management to forestall similar incidents.

Dexter malware may be on the rise again
The Dexter malware, as well as a similar strain known as Project Hook, may be on the uptick as the holiday season progresses. These infections are designed to exploit POS systems and scrape data from the magnetic strips on the backs of payment cards. According to IDG News Service, Dexter and Project Hook can lift the Track 1 and Track 2 data from cards and relay it to cybercriminals, who can then use it to create clones.

Dexter isn't a new threat, having first been discovered in November 2012. However, there are more variants in the wild than ever before, including the StarDust version that goes beyond the original by tapping into network traffic. More than 20,000 credit card numbers may have been compromised so far by StarDust.

The StarDust variant is notable for how it creates botnets using POS systems at major retailers and communicates with command-and-control servers in Russia. Its efficacy in circumventing POS system security reveals how companies must be mindful of vulnerabilities on IT assets other than PCs, especially since many endpoints are now using the same operating systems and services.

"POS systems suffer from the same security challenges that any other Windows-based deployment does," stated researchers at Arbor Networks. "Network and host-based vulnerabilities (such as default or weak credentials accessible over remote desktop and open wireless networks that include a POS machine), misuse, social engineering and physical access are likely candidates for infection."

Using forensics analysis to stay on top of threats such as Dexter
Threats such as Dexter often emerge because cybercriminals have a first-mover advantage, which they use to exploit previously overlooked network vulnerabilities. Still, victims can mitigate risk in the long run by utilizing intrusion forensics analysis to gain granular insight into breaches.

Writing for Network Computing, Michele Chubirka observed that seeking help from an outside forensics provider is sometimes the right choice for organizations. More specifically, a provider can offer in-depth knowledge and expertise about sophisticated threats that succeed in bringing down even complex IT systems.

Chubirka pointed out that the higher education sector in particular has witnessed the evolving nature of data breaches, which are now led by cybercriminals using advanced tactics to go after large information repositories. The reemergence of Dexter illustrates the creativity of many of these perpetrators.

Rather than lose time and resources to conducting investigations with a completely internal staff, organizations can gain rapid insight into what happened by seeking help from a digital forensics solutions provider. Knowing how and why a breach happened is the first step toward warding off similar threats in the future.