Trend Micro researchers have found a connection between four malware families, suggesting that the families are working together to develop more advanced attack vectors. It concerns Ursnif, Emotet, Dridex and BitPaymer.
An analysis of the four families revealed a similar loader and decryption procedures. This indicates a possible compartmentalisation of work, “as if tasks were shared between different developers and operators”. Ursnif and Dridex are both banking trojans, Emotet offers loaders and BitPaymer can infiltrate systems via remote desktop and e-mail vectors. The collaboration between the malware provides evidence that criminals are making their own versions of professional organizations to increase the evolution of threats.
The biggest problem of malware groups working together is the speed of development. Enterprises can streamline software creation with open source tools created by other professionals, and malware creators can similarly improve their time to market by dividing tasks among multiple groups. Organizations create their own procedures to prevent detection, but they can do more if they work together on common elements such as loaders and decryptors.
Another concern for companies is that the malware is becoming increasingly sophisticated. Criminal groups can reduce the number of human errors in their code by checking the code among themselves. They can also prevent duplication. In addition, native cooperation offers a more powerful package. Ursnif scatterers can now more easily penetrate networks with Emotet loaders and BitPaymer attacks.
Security
Experts argue that organizations need to start sharing threat data and working together on security. They also recommend a back-to-basics approach: make sure that all antivirus software is up-to-date and install all patches for applications.
On SecurityIntelligence, IBM specialists recommend adopting offensive security techniques to detect potential vulnerabilities before they are exploited by criminals. This includes penetration tests.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.
7 hours ago
