The way in which criminals steal money from banks has evolved. Whereas once upon a time you were required to wear tights on your head and have a sawn-off shotgun in hand, in the digital age it takes nothing more than a virus to access and ‘lift’ nearly £20 million. Earlier this month that was exactly what happened too, with online banking the target for cyber criminals. The attack uses a malware product known as Dridex to infect a consumer’s device and steal their banking details. The virus is said to account for nearly $100m worth of theft so far, presenting itself as a document attachment in a seemingly legitimate email that grants instant access when opened.
Although the latest £20m heist has come from UK based users, it is a worldwide operation, combining GCHQ (Government Communications Headquarters), CERT (National Computer Emergency Response Team), the FBI in the US, European Police Agency Interpol and Moldovan and German law enforcement. Their job is to track down the culprits and bring them to justice, but it is individuals who need to take personal responsibility until they do.
Dridex records the login credentials that we use to access our online banking accounts, sending them to the criminals who can then steal your money quickly and quietly. Windows users seem to be the most at risk, and although figures currently stand at £20m, the National Crime Agency (NCA) anticipates this to be a ‘conservative’ figure. Thousands of computers are likely to still be at risk, something that must be addressed sooner rather than later. Smartphones so far seem unaffected, so computers require the most attention at this stage.
The fact that the creation of this virus requires a great deal of skill, and can be initiated from anywhere in the world, makes the job of the law enforcement agencies in catching the culprits that much more difficult. This is why personal accountability it critical to the protection of individual systems. By maintaining your internet security software and keeping your system updated you can avoid falling victim to these criminals. As well as this there are several other prevention methods that we recommend at Digital Pathways to help keep your network safe:
- Always be careful when opening an attachment from a source that seems unusual. No matter how legitimate it may seem, banks and building societies will very rarely send attachments, so make sure that at all times you Think, Before You Click.
- It is equally important to be aware of where links in the email are directing you to. Just because a link may look like a well renowned website, hsbc.com for example, it could redirect you to a less scrupulous one. To check, hover over the link and generally at the bottom of the email window you will see the real name. If not, then right click and check the properties. At all points Think, Before you Click.
- The use of two factor authentication is another innovative method of keeping your credentials secure. This uses a one-time password, meaning that even if you have malware recording your key strokes, the next time you login they will have changed and require a unique entry.
- For additional security you can also consider installing Data Leakage Protection Software on your system too, or some form of Protective Marking. Marking systems can detect outbound data which is classed as sensitive and block the traffic until that data is classified. This gives you more control over unusual traffic, preventing the emails from leaving your machine if Dridex takes hold.
The way in which law enforcement agencies across the world have united to tackle this issue highlights the severity of the situation. Although we must rely on these agencies to prevent the problem, it is equally important that we protect ourselves too, with the Think, Before You Click mantra becomes an active part of our daily digital routine.
For more information on how you can protect yourself and your business from cyber-attack please get in touch.