News
CYBERBIT, Elbit Systems’ Cyber Subsidiary, Uncovers Dridex Malware Persistency and Stealth Mechanism
January 2016 by Marc Jacob
CYBERBIT, Elbit Systems’ wholly-owned subsidiary, announced today that it uncovered for the first time, the Dridex malware’s advanced and sophisticated persistency mechanism, allowing organizations to detect and remove the malware.
The unique analysis was revealed by CYBERBIT’s dedicated malware research expert team, who managed to conduct a detailed dynamic behavioral analysis of the Dridex malware, fully revealing its infection process and persistency mechanism.
Part of Dridex’ robustness is attributed to its ability to constantly generate new variants for each attack, thus going undetected under AV engines. CYBERBIT’s malware research team, a group of specialists who analyze malwares and security threats in order to enrich CYBERBIT’s analyses methods and algorithms, managed to reveal Dridex’ persistency mechanism, which allows it to remain uncovered and undetected due to its unique mode of operation.
Since its appearance in late 2014, Dridex has been one of the most notable malware threats, designed to steal personal banking information and credentials mostly from small and medium-sized organizations. Dridex malware attacks are said to be responsible for the theft of over $50 million, out of which $30 million was stolen from UK accounts alone. The criminal forces behind Dridex are believed to have links to similar cybercrime gangs.
CYBERBIT suspects that such criminal organizations experience from previous activities are those that allow Dridex authors and affiliates to keep their infrastructure alive and to stay active and dangerous.
CYBERBIT will present and demonstrate its detection of advanced threats capabilities at the CYBERTECH 2016 Exhibition (booth F), January 26-27, 2016 at the Israel Trade Fair and Convention Center.
CYBERBIT’s products collect and analyze information in greater depth and context over time and space and provide ad-hoc forensics and response capabilities, for both IT and SCADA networks, while assuring minimum time for mitigation, remediation and response. CYBERBIT’s technology is developed by skilled, updated and competent personnel, and it supplies live hands-on training that keeps its customers efficient and savvy.
Notes:
Security threats in the 21st century are more complex, more sophisticated, and stealthier than ever - with an estimated 70%-90% of malwares, which are unique to a specific targeted organization, managing to bypass traditional security tools.
Enterprises just can’t afford to keep using technologies and methods that don’t work. CYBERBIT understands that in order to detect and respond quickly and efficiently to advanced unknown threats, organizational security has to be changed. Detection and response cycles must become optimal and short, leveraging granular information pieces as well as past knowledge, automating processes and capabilities, and allowing the organization to be agile, alert and prompt. CYBERBIT’s solutions aim to empower its customers by providing them with a different level of detection, response, forensics and mitigation capabilities and allowing them to operate rapidly, efficiently and accurately.
