Dyre and similar Trojans such as Neverquest and Dridex emerge as a new class of advanced, persistent cybercrime attack. They spread fast, hit hard, and are a devil to detect.
The operators of these Trojans use a clever combination of RitB techniques to conduct a sustained, multi-phased campaign in which - similar to APTs hitting the enterprise - they slowly manipulate victim accounts until they are ready to strike. At that time they deploy a standard Remote Access protocol (VNC) which makes them completely invisible to device recognition and geo-location tools. They switch off all active components of the malware to make sure it cannot be detected by traditional anti-malware tools. Then they open a browser from within the genuine victim machine, log into online banking and proceed uninterrupted to empty the victim's account.
It's time to put up a good fight.
BioCatch deploys its unique Behavioral Biometrics technology to spot RAT-like user interactions and detect the operators of Dyre, Neverquest and Dridex as they conduct their attacks on global banks.
Join Uri Rivner, VP Cyber Strategies and co-founder at BioCatch, as he talks about the recent RitB attacks. Through a second-by-second analysis of the Dyre operators’ user interaction within an actual victim account, we'll see how they control the application remotely, how they set up new payees, and how they make payments from the infected machines. We will also talk about how Social RitB fraud attacks on online banking are gaining momentum.