Dyre Straights: Group Behind the Dyre Trojan Busted in Moscow?
On Feb. 6, 2016, Reuters broke an exclusive story about what appears to be a law enforcement raid that may have ended the activity of the cybercrime gang operating the Dyre banking Trojan. The story was followed up by a Forbes article with hints about arrests in the top echelon of the Dyre crew and a possibility that the malware’s source code was leaked.
Reuters reports that a police raid took place in November 2015 in a downtown Moscow high-rise. The operation reportedly took place inside the offices of a film distribution and production company called 25th Floor, which is, ironically, in the midst of producing a movie called “Botnet,” loosely based on a 2010 cybercrime case.
Who executed the raid? 25th Floor’s CEO declined to comment on the case. A spokesman for the Russian Interior Ministry’s cybercrime unit denied involvement in the case. And the FSB, Russia’s main intelligence service, had no comment to offer reporters. The investigation was apparently aided by Moscow-based Kaspersky Lab; the security vendor reportedly plans to unveil details about the case at an annual user conference this week.
In the interim, security professionals and past victims of the gang operating the Dyre Trojan await news on what seems to be the genuine disruption of a major organized cybercrime ring that has robbed financial institutions of millions of dollars in the past two years.
Gone Since November?
As details of the investigation aren’t yet public, here’s what we know about Dyre’s current status based on IBM Security insights gleaned from across the globe.
IBM X-Force researchers indicate that Dyre, which has been a constantly evolving threat, fell silent in November 2015. According to IBM Trusteer, malware infection rates dropped sharply in mid-November, with new user infections appearing in the single digits per day at most.
Beyond the drop in new infections, which signified the halt of spam/exploit kit campaigns, Dyre’s configuration update servers and its real-time webinjection server were both disconnected from the Internet as the malware ceased generating attempted fraudulent transactions. A week later, in late November, Dyre’s redirection attack servers also went dark.
Read the rest of this post here.
Media Coverage:
http://www.forbes.com/sites/thomasbrewster/2016/02/08/russia-arrests-dyre-malware-masterminds/
http://www.theregister.co.uk/2016/02/10/moscow_raids_could_signal_end_of_global_dyre_bank_trojan_menace/
http://www.eweek.com/security/financial-services-firms-shellshocked-under-dyre-attack-in-2015.html