The Dyreza trojan has recently re-emerged in a new and frightening way. Proofpoint, a California-based security company, has released new research showing that the infamous Dyreza Trojan has taken new aim at the IT supply chain. Its research shows 20 organisations involved in physical IT have been targeted, and are listed in the trojan's configuration files.
This news comes just after Salesforce.com warned earlier this month that the Dyreza trojan may be targeting its customers. Salesforce was eager to impress upon customers that “this is not a vulnerability within Salesforce. It is malware that resides on infected computer systems and is designed to steal user login credentials and resides on infected computer systems.”
Earlier this summer, security company BitDefender warned that around 20,000 customers of major banks including Santander and Barclays had been targeted over a matter of days. Dyreza has also been relatively good at what it does; Proofpoint's 2015 annual cyber-crime report, The Human Factor, suggested that one in 25 of those sent Dyreza phishing emails will fall prey to the scam.
Dyreza, occasionally known as Dyre, puts itself right into targeted users' browsers, sometimes via hacked routers, according to Symantec. From there, it directs users to modified versions of otherwise legit webpages. If Dyreza is installed on your computer, it might steal your online banking details as you log into what you think is your normal online banking webpage.
The trojan starts a campaign of phishing emails and sends the collected browser data, namely users' key financial and encryption data, back to the attacker. With that data, the victimised users' financial and personal accounts can be left wide open to abuse.
The historically successful Dyreza Trojan has typically targeted banks, but its renewed occurrence in Salesforce may present a new dimension and fertile new ground for the Trojan.
But what's the significance of this new dimension for the infamous piece of malware? The tool that used to steal bank details might just as easily, and profitably, be re-purposed to steal other details.
Kevin Epstein, VP of threat operations at Proofpoint, elaborated on the significance of this new development: “If you look at the potential of this supply chain, it's a powerful set of accounts to gain access to. With it, you can divert shipments of physical goods, issue full sets of payments and invoices to artificial companies, do large-scale gift-card issues.”
Epstein added, “This is a significant issue, and while some may not think it's as glamorous as direct access to a bank account, the risk here is huge. This is a core element of many companies.”