By Charles Leaver

There’s a RAT sniffing around for banking info

Now more than ever, hackers see through lenses tinted green. Everywhere they look, an opportunity for monetary gain presents itself. Whether it’s breaking into a small business’ system to extract customer payment information or breaching a server full of passwords that could unlock a bank account, cybercriminals are focused squarely on cashing in.

The emergence of hacking as what DarkReading contributor Ericka Chickowski calls a “crime-as-a-service ecosystem” puts significant pressure on businesses to put in place the kind of endpoint threat detection and response that protects the group so often targeted in these attacks: customers. When companies fail to guard their endpoints, malicious intrusions follow. Since most businesses now hold customer data, the onus falls on them to protect that information with proper endpoint security software.

There’s a new banking Trojan in town – and the situation is Dyre
In the malware world, the appearance of a new strain is not in itself noteworthy. There are so many threats online that one more rarely warrants a headline. But sometimes a strain arrives that is capable enough to grab people’s attention, and a new Remote Access Trojan called Dyre is one such beast.

According to PhishMe, the group that identified Dyre, the malware is focused squarely on stealing banking credentials, and its authors built it to sidestep the protection that SSL normally gives a banking session. It does not break the encryption. Once on a victim’s machine, Dyre hooks the web browser itself, so it reads whatever the user types into the banking site before the browser encrypts it for the wire. To the victim, the site looks and behaves normally and the padlock is still there, while copies of the credentials are quietly sent to the attackers’ servers. This tactic is called “browser hooking” (a man-in-the-browser attack), and for victims it can be the fast track to a breach.

What Dyre’s sophistication points to is a need for companies, particularly those connected to banking, to implement stronger endpoint protection rather than rely on what is already in place. As PhishMe pointed out, Dyre appears to indicate further advancement within the crime-as-a-service sector.

“This appears to be a brand new malware family targeting users,” contributor Ronnie Tokazowski wrote. “Browser hooking is a very effective technique … [A]n attacker can successfully bypass the SSL mechanism of a webpage while appearing to have the session encrypted.”
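The two passages above describe the mechanism but not why it defeats SSL. The model below is an added illustration, not Dyre’s code or anything from PhishMe’s write-up. It stands in for a browser that reaches its encrypting write function through an import table (the way a real browser reaches a function such as a TLS library’s write call): the hook overwrites the table entry, copies the plaintext form data, then passes it on to the real function so the session still encrypts and the page still works. The names `tls_write`, `iat`, `hooked_write` and `iat_tampered_slots` are all hypothetical, the XOR “encryption” is only there to make the wire bytes differ from the plaintext, and the login form is a constructed sample. The defender-side check compares the live table against where the module’s exports say each slot should point, which is the kind of integrity check an endpoint agent can perform.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added model of a man-in-the-browser (browser hooking) attack.
 * Not Dyre's code: a portable stand-in for an import-table hook. */

#define MAX_MSG 256

typedef int (*write_fn)(const char *buf, size_t len);

/* The "TLS layer": stand-in for the browser's real encrypting write.
 * XOR with a fixed byte only makes the wire bytes differ from the
 * plaintext; it is not cryptography. */
static unsigned char wire[MAX_MSG];
static size_t wire_len;

static int tls_write(const char *buf, size_t len) {
    if (len > MAX_MSG) return -1;
    for (size_t i = 0; i < len; i++) wire[i] = (unsigned char)buf[i] ^ 0x5a;
    wire_len = len;
    return (int)len;
}

/* Import table of the "browser": one slot per imported function. */
enum { SLOT_TLS_WRITE = 0, SLOT_COUNT };
static write_fn iat[SLOT_COUNT] = { tls_write };

/* Where each import should resolve according to the module's exports.
 * An integrity checker recomputes this (e.g. dlsym/GetProcAddress on
 * the on-disk module) instead of trusting the live table. */
static const write_fn expected[SLOT_COUNT] = { tls_write };

/* Browser code path: submit a login form over the "encrypted" channel. */
static int browser_submit(const char *form) {
    return iat[SLOT_TLS_WRITE](form, strlen(form));
}

/* --- attacker side ------------------------------------------------ */
static char stolen[MAX_MSG + 1];
static write_fn original_write;

/* Runs instead of tls_write: sees the plaintext before encryption,
 * keeps a copy, then calls the real function so nothing looks wrong. */
static int hooked_write(const char *buf, size_t len) {
    size_t n = len < MAX_MSG ? len : MAX_MSG;
    memcpy(stolen, buf, n);
    stolen[n] = '\0';
    return original_write(buf, len);
}

static void install_hook(void) {
    original_write = iat[SLOT_TLS_WRITE];
    iat[SLOT_TLS_WRITE] = hooked_write;
}

/* --- defender side ------------------------------------------------ */
/* Number of import slots that no longer point where the exports say
 * they should. 0 means the table is clean. */
static int iat_tampered_slots(void) {
    int bad = 0;
    for (int i = 0; i < SLOT_COUNT; i++)
        if (iat[i] != expected[i]) bad++;
    return bad;
}

static const char *stolen_plaintext(void) { return stolen; }

/* 1 if the bytes on the wire equal the form in clear; the hook does
 * not cause this, which is exactly why the padlock stays reassuring. */
static int wire_is_plaintext(const char *form) {
    return wire_len == strlen(form) && memcmp(wire, form, wire_len) == 0;
}

int main(void) {
    const char *form = "user=alice&pass=hunter2";  /* constructed sample */
    browser_submit(form);
    printf("clean:  tampered=%d stolen=\"%s\"\n", iat_tampered_slots(), stolen);
    install_hook();
    browser_submit(form);
    printf("hooked: tampered=%d stolen=\"%s\" wire plaintext=%d\n",
           iat_tampered_slots(), stolen, wire_is_plaintext(form));
    return 0;
}
```

The point the model makes is that the hook never touches the encrypted bytes: the wire remains as opaque after the hook as before, and the only observable difference sits inside the process, in the redirected table entry. That is why the detection has to be done on the endpoint, by comparing what is loaded in memory with what the module on disk says should be there, rather than by inspecting network traffic.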

The best response to such threats is for companies to firm up their defenses and avoid becoming the next victim.
