Protecting Customers from Sophisticated Malware Attacks | GBAF

Protecting Customers from Sophisticated Malware Attacks | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Technology > DEALING WITH DRIDEX – PROTECTING END-USERS FROM NEW STRAINS OF MALWARE

DEALING WITH DRIDEX – PROTECTING END-USERS FROM NEW STRAINS OF MALWARE

Published by Gbaf News

Posted on December 1, 2015

4 min read

Last updated: January 22, 2026

Illustration of malware threats like Dridex affecting banking security - Global Banking & Finance Review — This image highlights the dangers of Dridex malware in the banking sector, illustrating how new strains of malware threaten end-users' security and financial safety.

Paul Dignan, Systems Engineer, F5 Networks

Last month, criminals used new strains of malware to steal £20 million from UK banking customers, highlighting the dangers of such viruses in a very high-profile way. The use of Dridex malware to infect customer machines, steal login credentials and subsequently steal significant sums from customer accounts shows how these incidents can directly impact end-users. As these types of attack become increasingly common, traditional defences need to be rethought, as concerns amplify over whether they can protect users sufficiently.

Evolving techniques

Of course, best practices should still be adhered to; users should always maintain strong passwords and avoid opening email attachments from unknown sources, but infection techniques are much more sophisticated in the current cybersecurity landscape. Hackers are using techniques such as drive-by infection (auto downloads from websites without the user authorisation) and watering hole attacks (compromising high use websites with malware), meaning that devices can get infected without the user necessarily facilitating the compromise.

As a malware strain, Dridex is fairly well known and, as such, is reasonably easy to detect. Other strains, such as Dyre and Tinba, are significantly more difficult to detect. In addition, with source code for many malware types being released to the hacking community, we are now seeing upsurges in strains that had previously been mitigated. These are modified versions of the original with potentially differing signatures that will defeat traditional signature based solutions.

Mitigating malware

How then have financial organisations sought to deal with these types of risks? Many have invested in sophisticated anti-fraud systems that track transactions and use complex analysis to identify potentially fraudulent activity. This is all well and good, but does not consider defence against compromise of the endpoint device. Many financial organisations have solutions for this too, but in general these require client software to be installed on the end user device. This presents a problem, as customer take-up of these components is usually low. Despite the banks not mandating that these software components must be used, there have been high profile cases where the customers have been penalised for neglecting to use them. This demonstrates that there is often a gap in the protection being provided.

It’s all about the app

How then can organisations best protect the customers against their own devices? We have established that the end-point device is a challenge, but what about the data centre? Applications are not necessarily the right place to apply security controls, because typically application developers are not security specialists and conversely, security specialists tend not to be application specialists, thus causing a disconnect. However, the real challenge is that attacks from the malware will typically be at application level; these can take the form of automated transactions, piggy-backing sessions and much more, so the protection needs to be capable of detecting these attacks. Ideally then, the protection needs to be applied without needing to update the applications and without updating the client. For this aim to be realised, protection in flow is required, as the traffic traverses from the application to client and vice versa. If this can be achieved and changes to application traffic can be detected, reported and ultimately mitigated then the impact that malware brings to the customer can be reduced. In addition, malware tends to capture credentials from the browser – prior to it being encrypted for transport via Secure Socket Layer (SSL). These credentials are then sent to the hacker’s command and control centre for them to re-use. Therefore, a solution with an ability to encrypt the credentials before the malware can access them stands the best chance of alleviating the problem.

Whilst the threat landscape is relentlessly evolving, the recommendations remain relatively constant: apply as much security as possible. In the case of modern malware attacks, however, making security measures as easy to apply as possible, and not relying solely on the customer, hold the keys to improving the situation.