FoxPointe Security Hub

Dridex Malware Cyberattacks Increasing

December 16, 2019

Last week, the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) released a joint alert notifying financial institutions that an increasing number of cyberattacks using the Dridex malware, and several variants of it, are being aimed at financial institutions and their customers. Dridex is not a new strain of malware: it first appeared in 2012 and was widespread by 2015 as a financial trojan. The more recent versions, however, target a vulnerability in Microsoft Office and WordPad that allows remote code execution. Microsoft released a patch for this vulnerability in 2017, which underscores the importance of having strong patch management processes. Unsurprisingly, the malware is typically distributed through phishing campaigns in which bad actors use legitimate business names together with spoofed domain names to persuade the recipient to open and download the malicious attachments.

Why the Increase in Cyber Attacks?

So why are we seeing an increasing number of attacks aimed at financial institutions and their customers? Aside from the fact that financial institutions hold an abundance of the two things cybercriminals covet most, money and data, Dridex is able to infiltrate browsers, detect access to online banking applications, and steal customer login credentials. Once a bad actor has customer credentials, they can initiate ACH and wire transfers and open fraudulent accounts, among other malicious activities.

Cyber Risk Management

One thing our team continues to stress is cybersecurity training for employees and education for consumers about the cyber risks of using internet and mobile banking products. While there are numerous cutting-edge technologies that can help detect and prevent phishing emails from reaching your end users, over time there is always an increasing risk that cybercriminals will find ways to bypass that technology. At this point, it’s estimated that 90 percent of all data breaches involve an element of social engineering, which amplifies the importance of continuous education for end users, since people continue to be the greatest cyber threat.

For your information, below is a list of known email and IP addresses associated with the Dridex malware strain. The values are defanged with [@] and [.] so that they cannot be clicked or resolved by accident.

Email and IP Addresses Associated with the Dridex Malware

Indicator Type   Indicator Value                            Associated Activity
Email address    info[@]antonioscognamiglio[.]it            Dridex
Email address    info[@]golfprogroup[.]com                  Dridex
Email address    cariola72[@]teletu[.]it                    Dridex
Email address    faturamento[@]sudestecaminhoes[.]com.br    Dridex
Email address    info[@]melvale[.]co.uk                     Dridex
Email address    fabianurquiza[@]correo.dalvear[.]com.ar    Dridex
Email address    web1587p16[@]mail.flw-buero[.]at           Dridex
Email address    bounce[@]bestvaluestore[.]org              Dridex
Email address    farid[@]abc-telecom[.]az                   Dridex
Email address    admin[@]sevpazarlama[.]com                 Dridex
Email address    pranab[@]pdrassocs[.]com                   Dridex
Email address    tom[@]blackburnpowerltd[.]co.uk            Dridex
Email address    yportocarrero[@]elevenca[.]com             Dridex
Email address    s.palani[@]itifsl.co[.]in                  Dridex
Email address    faber[@]imaba[.]nl                         Dridex
Email address    admin[@]belpay[.]by                        Dridex
IP address       62[.]149[.]158[.]252                       Dridex
IP address       177[.]34[.]32[.]109                        Dridex
IP address       2[.]138[.]111[.]86                         Dridex
IP address       122[.]172[.]96[.]18                        Dridex
IP address       69[.]93[.]243[.]5                          Dridex
IP address       200[.]43[.]183[.]102                       Dridex
IP address       79[.]124[.]76[.]30                         Dridex
IP address       188[.]125[.]166[.]114                      Dridex
IP address       37[.]59[.]52[.]64                          Dridex
IP address       50[.]28[.]35[.]36                          Dridex
IP address       154[.]70[.]39[.]158                        Dridex
IP address       108[.]29[.]37[.]11                         Dridex
IP address       65[.]112[.]218[.]2                         Dridex
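A list like the one above is only useful once it is matched against your own mail-gateway and firewall logs. The script below is an added example written for this article, not FoxPointe's or the alert's own tooling: it refangs the published indicators (the email and IP values are exactly the ones in the table, with the duplicates collapsed), normalizes case, and scans log lines for sender addresses and IPv4 addresses that match. The log lines are constructed for the example and do not represent real traffic; the log formats, host names and message IDs are assumptions.

```python
"""Match the published Dridex indicators against mail and firewall log lines.

Added example, not code from the original article or the Treasury alert.
The SAMPLE_LOGS below are constructed and the log formats are assumed.
"""
import ipaddress
import re

# Indicators exactly as published (defanged with [@] and [.]); duplicates removed.
DEFANGED_INDICATORS = [
    ("email", "info[@]antonioscognamiglio[.]it"),
    ("email", "info[@]golfprogroup[.]com"),
    ("email", "cariola72[@]teletu[.]it"),
    ("email", "faturamento[@]sudestecaminhoes[.]com.br"),
    ("email", "info[@]melvale[.]co.uk"),
    ("email", "fabianurquiza[@]correo.dalvear[.]com.ar"),
    ("email", "web1587p16[@]mail.flw-buero[.]at"),
    ("email", "bounce[@]bestvaluestore[.]org"),
    ("email", "farid[@]abc-telecom[.]az"),
    ("email", "admin[@]sevpazarlama[.]com"),
    ("email", "pranab[@]pdrassocs[.]com"),
    ("email", "tom[@]blackburnpowerltd[.]co.uk"),
    ("email", "yportocarrero[@]elevenca[.]com"),
    ("email", "s.palani[@]itifsl.co[.]in"),
    ("email", "faber[@]imaba[.]nl"),
    ("email", "admin[@]belpay[.]by"),
    ("ip", "62[.]149[.]158[.]252"), ("ip", "177[.]34[.]32[.]109"),
    ("ip", "2[.]138[.]111[.]86"),   ("ip", "122[.]172[.]96[.]18"),
    ("ip", "69[.]93[.]243[.]5"),    ("ip", "200[.]43[.]183[.]102"),
    ("ip", "79[.]124[.]76[.]30"),   ("ip", "188[.]125[.]166[.]114"),
    ("ip", "37[.]59[.]52[.]64"),    ("ip", "50[.]28[.]35[.]36"),
    ("ip", "154[.]70[.]39[.]158"),  ("ip", "108[.]29[.]37[.]11"),
    ("ip", "65[.]112[.]218[.]2"),
]


def refang(value: str) -> str:
    """Turn a defanged indicator back into a matchable, lower-cased string."""
    return value.replace("[@]", "@").replace("[.]", ".").lower()


def build_indicator_sets(defanged):
    """Split indicators into a set of email addresses and a set of IP objects.

    Using ipaddress objects (not raw strings) means '062.149.158.252' and
    '62.149.158.252' compare equal, which plain string matching would miss.
    """
    emails, ips = set(), set()
    for kind, value in defanged:
        plain = refang(value)
        if kind == "email":
            emails.add(plain)
        elif kind == "ip":
            ips.add(ipaddress.ip_address(plain))
    return emails, ips


# Loose patterns: we only need candidate tokens, the sets decide the match.
EMAIL_RE = re.compile(r"[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def scan_log_lines(lines, emails, ips):
    """Return (line_number, indicator_type, value) for every indicator hit."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        for candidate in EMAIL_RE.findall(line):
            if candidate.lower() in emails:
                hits.append((lineno, "email", candidate.lower()))
        for candidate in IPV4_RE.findall(line):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:  # e.g. 999.1.1.1 looks like an IP but is not one
                continue
            if addr in ips:
                hits.append((lineno, "ip", str(addr)))
    return hits


# Constructed sample log lines (assumed Postfix-style MTA and firewall formats).
SAMPLE_LOGS = [
    "2019-12-10T09:14:02Z mta1 postfix/smtpd[2201]: connect from unknown[62.149.158.252]",
    "2019-12-10T09:14:03Z mta1 postfix/qmgr[2210]: 7F3A1: from=<info@golfprogroup.com>, size=48213",
    "2019-12-10T09:15:11Z fw1 ALLOW TCP 10.0.0.25:51234 -> 203.0.113.7:443",
    "2019-12-10T09:16:40Z mta1 postfix/qmgr[2210]: 7F3B9: from=<newsletter@example.com>, size=9921",
    "2019-12-10T09:17:02Z fw1 DENY TCP 10.0.0.40:50211 -> 188.125.166.114:443",
    "2019-12-10T09:18:55Z mta1 header: Return-Path: <Info@GolfProGroup.COM>",
]

if __name__ == "__main__":
    known_emails, known_ips = build_indicator_sets(DEFANGED_INDICATORS)
    for lineno, kind, value in scan_log_lines(SAMPLE_LOGS, known_emails, known_ips):
        print(f"line {lineno}: {kind} indicator {value} matched Dridex list")
```

In production you would feed the function your exported gateway and firewall logs rather than the constructed lines, and treat a hit as a trigger for investigation rather than proof of compromise: a sender address can be spoofed, and a firewall DENY toward a listed address shows that an internal host tried to reach it, which is worth a look on its own.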

FoxPointe Solutions is solely responsible only for the content of FoxPointe Solutions authored information and is subject to change at any time. Any forward-looking statements are not predictions. FoxPointe Solutions is not responsible for any errors or omissions, or for the results obtained from the use of this information. Questions regarding your legal or compliance position should be addressed through your legal counsel, security advisor and/or your relevant standard authority. Nothing contained herein should be used nor relied upon as advice nor constitute a consultant-client relationship.
