BreachExchange mailing list archives

The Dyreza Trojan is now targeting the IT supply chain


From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 30 Sep 2015 16:05:06 -0500

http://www.scmagazineuk.com/the-dyreza-trojan-is-now-targeting-the-it-supply-chain/article/441887/

The Dyreza trojan <http://www.scmagazineuk.com/search/Dyreza+trojan/> has
recently re-emerged in a new and frightening way. Proofpoint, a
California-based security company, has released new research showing that
the infamous Dyreza Trojan has taken new aim at the IT supply chain. Its
research shows 20 organisations involved in physical IT have been targeted,
and listed in the trojan's configuration files.

This news comes just after Salesforce.com warned its customers earlier this
month that the Dyreza trojan may be targeting its customers. Salesforce was
eager to impress upon customers that “this is not a vulnerability within
Salesforce. It is malware that resides on infected computer systems and is
designed to steal user login credentials and resides on infected computer
systems.”

Earlier this summer, security company BitDefender warned that
<http://www.theinquirer.net/inquirer/news/2417128/zeus-like-dyre-malware-will-scam-at-least-one-in-25-uk-banking-customers>
around 20,000 customers of major banks including Santander and Barclays had
been targeted over a matter of days. It's also been relatively good at what
it does; Proofpoint's 2015 annual cyber-crime report, The Human Factor,
suggested that
<https://www.proofpoint.com/sites/default/files/image_example_images/Proofpoint-Threat-Report-July2015_0.pdf>
one in 25 of those sent Dyreza phishing emails will fall prey to the scam.

Dyreza, occasionally known as Dyre, puts itself right into targeted users'
browsers, sometimes via hacked routers, according to Symantec
<http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/dyre-emerging-threat.pdf>.
From there, it directs users to modified versions of otherwise legit
webpages. If Dyreza is installed on your computer, it might steal your
online banking details as you log into what you think is your normal online
banking webpage.

The trojan starts a campaign of phishing emails and sends the collected
browser data, namely, users' key financial and encryption data back to the
attacker. With that data, the victimised user's financial and personal
account can be made wide open to abuse.

The historically successful Dyreza Trojans have typically targeted banks,
but its renewed occurrence in Salesforce may present a new dimension and
fertile new ground for the Trojan.

But what's the significance of this new dimension for the infamous piece of
malware? Re-purposed, the tool that used to steal bank details might just
as easily, and profitably, be used to steal other details.

Kevin Epstein, VP of threat operations at Proofpoint, elaborated
<https://threatpost.com/dyreza-trojan-targeting-it-supply-chain-credentials/114836/>
on the significance of this new development: “If you look at the potential
of this supply chain, it's a powerful set of accounts to gain access to.
With it, you can divert shipments of physical goods, issue full sets of
payments and invoices to artificial companies, do large-scale gift-card
issues.”

Epstein added, “This is a significant issue, and while some may not think
it's as glamorous as direct access to a bank account, the risk here is
huge. This is a core element of many companies.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/