- The attackers are targeting financial services firms through phishing campaigns.
- The alert includes a list of previously unreported indicators of compromise derived from information reported to FinCEN by financial companies.
The Cybersecurity and Infrastructure Security Agency (CISA), a part of the Department of Homeland Security (DHS), has issued an alert for financial services firms in the U.S. DHS noted that institutions from the financial services sector are at potential risks from the ongoing Dridex malware attacks. The attackers are targeting private-sector financial firms through phishing campaigns.
CISA published the alert via the US National Cyber Awareness System—a system designed to provide industry and users with information on current security topics.
"Because actors using Dridex malware and its derivatives continue to target the financial services sector, including financial institutions and customers, the techniques, tactics, and procedures contained in this report warrant renewed attention," CISA says in the alert.
"Treasury and CISA encourage network security specialists to incorporate these indicators into existing Dridex-related network defense capabilities and planning."
The alert also includes a list of previously unreported indicators of compromise derived from information reported to Financial Crimes Enforcement Network (FinCEN) by financial sector firms.
What’s in the alert?
The notice goes beyond encouraging security admins to configure their companies' defense tools for the banking trojan activity. It also contains information on Dridex-related phishing attributes, malware variants and capabilities, and mitigation recommendations by CISA to reduce overall risks.
Reporting at the right time and place
The DHS also urges organizations and users affected in a Dridex banker attack or suspect malicious activity related to Dridex to contact CISA or the FBI as soon as possible.
It further lists the contact information of concerning authorities if they want to request technical assistance or resources for incident response:
- CISA (CISAservicedesk@hq.dhs.gov or 888-282-0870),
- FBI through a local field office (https://www.fbi.gov/contact-us/field-offices),
- FBI’s Cyber Division (CyWatch@fbi.gov or 855-292-3937).