    Financial Services Firms Shellshocked, Under Dyre Attack in 2015

    By Sean Michael Kerner - February 10, 2016

      Hackers going after banks is not a new trend, but according to a new report from IBM, financial services attackers are using different tools and tactics to steal information and money.

      The IBM X-Force research found that in 2015, the average cost for a breached financial record was $215, with approximately 20 million financial records breached in the year. Of particular note in IBM’s research is the finding that in 2015, attackers made extensive use of the Shellshock vulnerability to attack banks. The Shellshock vulnerability was first disclosed in September 2014 and is a flaw in the open-source Bash shell.

      David McMillen, senior threat researcher for IBM Managed Security Services, said the fact that Shellshock was a top attack vector was a huge surprise. “We have seen many vulnerabilities exploited, but none quite as robustly and for as long a period in time,” McMillen told eWEEK. “Taking Shellshock out of the mix, we are left with a completely expected volume of attacks from malicious attachments or links, which almost matched Shellshock volumes exactly.”

      In terms of how Shellshock is being used by attackers, McMillen said IBM Managed Security Services has detected many delivery mechanisms for the vulnerability, including Metasploit. Metasploit is an open-source penetration testing framework that is used by security researchers and sometimes abused by attackers to exploit software vulnerabilities.

      “The vast majority of Shellshock traffic that was detected in 2015 contained exploit strings to bulk test Internet-facing hosts for the core Shellshock vulnerability using exploitation vectors that were explicitly tailored to affect OpenSSH, CGI Web and Qmail,” he said. “Many of the tools used to exploit Shellshock were homegrown, other than mainstream tools like Metasploit.”
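
An added example, not from the article or IBM's report: a scan of web access logs for the Bash function-definition prefix that Shellshock probes against CGI endpoints carry in request headers. The log lines, addresses and placeholder command are constructed, and the code assumes the Apache/nginx combined log format, which records only the Referer and User-Agent headers.

```python
import re
from collections import defaultdict

# Vulnerable Bash treated an environment value starting with "() {" as a
# function definition; CGI servers copy request headers into the environment.
# The pattern is slightly looser than the exact prefix to catch sloppy probes.
FUNC_PREFIX = re.compile(r"^\s*\(\s*\)\s*\{")

# Apache/nginx "combined" log format (quoted fields may hold escaped quotes).
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

# Constructed sample lines: documentation addresses, placeholder command.
SAMPLE_LOG = """\
198.51.100.7 - - [03/Mar/2015:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; <placeholder-command>"
198.51.100.7 - - [03/Mar/2015:10:01:03 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 208 "() { x; }; <placeholder-command>" "curl/7.38.0"
203.0.113.20 - - [03/Mar/2015:10:02:10 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.20 - - [03/Mar/2015:10:02:11 +0000] "GET /app.js HTTP/1.1" 200 88 "-" "function() { return 1 }"
""".splitlines()


def find_probes(lines):
    """Return {source_ip: [(timestamp, request, header_field), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not combined format: skip rather than guess at fields
        for field in ("referer", "agent"):
            # Anchored match: "function() {" mid-value is not a probe.
            if FUNC_PREFIX.match(m.group(field)):
                hits[m.group("ip")].append(
                    (m.group("ts"), m.group("request"), field))
    return dict(hits)


if __name__ == "__main__":
    for ip, events in find_probes(SAMPLE_LOG).items():
        print(f"{ip}: {len(events)} suspect request(s)")
        for ts, request, field in events:
            print(f"  {ts}  {request}  marker in {field}")
```

Headers that the combined format does not log, such as Cookie, need a WAF or packet-level rule to cover.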

      Dyre Malware on the Rise

      Another key trend that IBM observed during 2015 was the rise of Dyre malware as the top banking Trojan in use during the year, at 24 percent of attacks, surpassing the Zeus v2 banking Trojan, which represented 13 percent of attacks. Dyre’s rise to prominence in 2015 was a reversal of its status in 2014. In 2014, IBM’s research found that Zeus v2 represented 36 percent of Trojan attacks, while Dyre was responsible for only 5 percent.

      There are major differences between Dyre and Zeus, according to Limor Kessem, a researcher at IBM Security.

      “Zeus was a commercial offering that was operated by many different criminals and small factions at a time when organized cybercrime was more of a rare phenomenon,” Kessem told eWEEK.

      She added that Zeus was, and still is, one of the best Trojans out in the wild. That said, in technical terms, or in the effectiveness of their fraud capabilities, Zeus and Dyre are not all that different.

      “What makes Dyre special is its strong software development team, which kept it elusive and effective through its nefarious activities, meticulous organization and what appear to be well-connected bosses that managed to orchestrate unprecedented attack campaigns like Dyre Wolf,” Kessem said. “Those factors made Dyre more effective in robbing much more money, and much faster, than any sole Zeus operator/faction ever did within the same time frame.”

      The Dyre Wolf campaign was reported by multiple security firms in May 2015 as a high-impact attack on financial services firms.

      While Dyre was successful through most of 2015, its reign of terror might now be at an end, as the Russian government took action at the end of 2015 to disrupt Dyre operations. Kessem said that IBM X-Force research indicates that Dyre did indeed fall silent in November 2015.

      “According to our IBM Trusteer data, malware infection rates dropped sharply around Nov. 18, with new user infections appearing in the single digits per day at most,” Kessem said. “It has been close to three months now since Dyre went silent, and our data does not show any significant activity appearing as of late.”

      Dyre isn’t the only threat that started to drop off last November—the risk from Shellshock is in decline as well. Looking forward to the threat landscape of 2016, McMillen expects that the Shellshock threat that was very loud in 2015 should fall back significantly, due in large part to the massive press it received, which resulted in a major patching initiative for most enterprise network administrators.

      “As was seen with SQL Slammer, Shellshock attacks are expected to be visible for many months to come as unpatched targets will certainly remain, although the volume will fall to background noise, which has already started as of November 2015,” he said.

      While the big threats of 2016 are just now emerging, IBM has a few recommendations to help financial services organizations protect themselves from cyber-threat risks. McMillen suggests that the top two things that financial companies should do to protect against evolving threats are employee training and vulnerability mitigation.

      “Develop a training program that educates employees about the dangers of phishing as well as deploying anti-phishing controls at the mail gateway,” he said. “Additionally, ensure your IT teams have a very aggressive vulnerability mitigation program that allows management of patches across multiple operating systems that includes implementation of real-time monitoring and reporting.

      “Both of these elements are the root entry points of the attack landscape we see today,” McMillen added.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
