28 March 2015

The latest Bromium post is really worth reading. Dridex is a further development of the Cridex Trojan. Dridex’s only goal is to steal your online banking credentials, to allow cyber-criminals to empty your bank accounts.

Dridex is a real beast. The developers hide the payload in Microsoft Office AutoClose macros to lever out the protection through the inbuilt sandboxing technology. If properly configured protected mode is a challenging task, but the bad guys had taken even this into account.

Michael Mimoso writes on threat post: ‘While macros are disabled by default since the release of Office 2007, the malware includes somewhat convincing social engineering that urges the user to enable macros—with directions included—in order to view an important invoice, bill or other sensitive document.’

The first line of defense, user awareness, has failed spectacularly! If someone tries to persuade you to disable protected mode for viewing an email attachment, it is very likely that this is a cyber-attack.

Task virtualization would have protected the user in this case. But even the task virtualization has its limitations. From my point of view, well-trained users, who are aware of the dangers of the internet, are the first line of defense today. Technology supports them to stay secure

… unless the users deactivates or the attackers bypasses them.

Have a good weekend.