PhishMe's senior researcher, Ronnie Tokazowski, has warned that Dridex is experimenting with new attack vectors.
Ronnie explains, "When one threat actor starts shifting TTPs, it's usually a big deal. Attackers get comfy in their infrastructure, some survive sinkholes, and they continue spamming or stealing money. One shift takes time, effort, and money on the attackers' part. The part that people often forget is that attackers need people to maintain backends, code the malware, code panels, and patch exploits as researchers find them, or else they are going to be exploited by said researchers. Over the last few weeks, here at PhishMe, we've seen attackers experiment with Word documents with macros (typically Dridex); Neutrino malware; Pony malware; Zip with .js deliveries; straight .js files attached to the document; Word exploits (CVE-2012-0158); and CAB attached files."
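The delivery mechanisms listed above (script files attached directly or inside a zip, macro-carrying Office documents, legacy OLE2 Word files, CAB archives) can be triaged from the attachment bytes alone. The following is an added example written for this article, not PhishMe's code or tooling: it classifies an e-mail attachment by filename extension, file magic and zip contents, and returns the reasons it matched. The sample attachments, the extension list and the reason strings are constructed for the example.

```python
import io
import zipfile

# Constructed markers for this example: file magic bytes and the script
# extensions that mail gateways commonly treat as executable content.
CAB_MAGIC = b"MSCF"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf")


def _zip_members(data):
    """Return member names if `data` is a zip archive, else None."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return None


def classify_attachment(filename, data):
    """Return the list of delivery patterns from the post that this
    attachment matches. An empty list means none matched."""
    reasons = []
    name = filename.lower()

    # Straight script file attached to the message.
    if name.endswith(SCRIPT_EXTS):
        reasons.append("script file attached directly")

    # CAB archive, identified by magic rather than by extension.
    if data.startswith(CAB_MAGIC):
        reasons.append("CAB archive")

    # Legacy binary Office document (OLE2 container). Flagged for
    # inspection because it may carry VBA or embedded objects.
    if data.startswith(OLE_MAGIC):
        reasons.append("legacy OLE2 Office document")

    # Zip containers: either a zipped script, or an Office OpenXML
    # document (.docx/.docm are zips) that contains a VBA project.
    members = _zip_members(data)
    if members is not None:
        lower = [m.lower() for m in members]
        if any(m.endswith(SCRIPT_EXTS) for m in lower):
            reasons.append("script inside zip archive")
        if any(m.endswith("vbaproject.bin") for m in lower):
            reasons.append("Office OpenXML document with VBA macro")

    return reasons


def _make_zip(members):
    """Build an in-memory zip from a {name: content} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()


# Constructed sample attachments, one per delivery pattern plus a benign one.
SAMPLES = {
    "invoice.zip": _make_zip({"invoice.js": "WScript.Echo('sample');"}),
    "report.docm": _make_zip({
        "[Content_Types].xml": "<Types/>",
        "word/document.xml": "<w:document/>",
        "word/vbaProject.bin": b"\x00",
    }),
    "update.cab": CAB_MAGIC + b"\x00" * 20,
    "scan.js": b"var x = 1;",
    "notes.zip": _make_zip({"readme.txt": "hello"}),
}


def scan_samples():
    """Classify every constructed sample; returns {filename: reasons}."""
    return {fn: classify_attachment(fn, data) for fn, data in SAMPLES.items()}


if __name__ == "__main__":
    for fn, reasons in scan_samples().items():
        print(f"{fn}: {reasons or 'no match'}")
```

The checks deliberately combine filename and content: a renamed CAB or a macro project hidden inside a `.docx`-named zip is still caught, while a plain `.txt`-only zip produces no match. In a real gateway this classification would feed a quarantine or detonation decision rather than a print statement.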
- Dulcie McLerie
- Cyber Security & e-Crime