At a glance, it seems that DRIDEX has dwindled its activities or operation, appearing only for a few days this May. This is quite unusual given that in the past five months or so, this prevalent online banking threat has always been active in the computing landscape. Last May 25, 2016, we observed a sudden spike in DRIDEX–related spam emails after its seeming ‘hiatus.’ This spam campaign mostly affected users in the United States, Brazil, China, Germany, and Japan.
Read MoreThe thing about takedowns is that these do not necessarily wipe out the cybercriminal operations. In 2014, the ZeroAccess takedown has affected the botnet’s click fraud operation, but its infections continued to soar. DRIDEX’s case is similar as it continues to figure predominantly in the threat landscape despite takedown of its multiple command-and-control servers last October 2015.
Read More2014 brought with it many significant additions to the technology landscape. These put new capabilities into the hands of users and companies that allowed them to do things that they would not have thought possible before. However, these same changes also aid threat actors: threats can now come from unexpected vectors, and augment the existing…
Read MoreAs globalization drives Brazilian industries forward, it also invites threats that aim on the weaknesses of growing market economies. Financial crimes have always topped the list of cyber security issues in Brazil, but as the country’s economy grows more people are exposed to the perks and problems of the latest computing technologies. The recent Trend…
Read MoreOnline banking threats have been prevalent for many years, but recently they seem to be determined to expand beyond their usual targets. In the past few weeks and months, we’ve seen various attacks target Korean banks using various techniques. The latest attack we’ve found uses a Trojan that redirects users of various Korean banks to…
Read More