This week saw a resurgence of the Dridex malware. There is little novel or outstanding about the malware – it infects PCs through a Microsoft Office document which victims are encouraged to open in order to trigger a malicious macro. Once installed, the malware harvests data when the victim conducts online banking. Normal stuff. Reports say £20 million has been stolen.
What got my attention however, is the perfunctory advice given to consumers to protect against this type of threat. For example, the FBI recommend installing AV software. Although all AV solutions now detect Dridex as it has been around for over a year, the technology does not protect against new attacks aimed at harvesting banking credentials.
I’ve been going on about this for about a decade now. AV relies heavily on signature-based scanning, a technology which was never designed to detect new malware. Security advice by the FBI and others is getting more and more tired and misleading. Advising users they need to install AV to protect against new malware simply provides a false sense of security. AV is only effective against known malware (i.e. the old stuff) whose existing signatures have not been altered. Signature-based scanning is a constant race where you are always one step behind the latest attacks.
New malware which key logs user’s banking credentials can only be thwarted by mechanisms which secure data entries in the presence of the new, undiscovered malware. Effective solutions are those which safeguard data such as banking login credentials from the moment the user presses the key to enter username and password. Products which do this include this one, this one and this one.