The global operation to combat sophisticated banking malware has brought law enforcement and security experts closer together to fight the one adversary they have in common: the cyber criminal.
Most recently, crime agencies across the globe, including the FBI, NCA, GCHQ and Europol, have banded together with security firms such as Trend Micro to share intelligence and take down notorious malware strains such as Dridex, also known as Bugat.
Many malware variants exist, but Dridex is a financial threat that adds an infected computer to a malicious botnet. It then injects code into the victim's browser to steal information, including banking details.
Difficult to combat
Jens Monrad, systems engineer at security firm FireEye, explained that Dridex, which originated in eastern Europe in 2014, is often difficult to track.
"Dridex is harder to detect than other information-stealing malware because it uses some legitimate processes on the victim's endpoint," he said.
"This makes it harder to spot and in many cases it is triggered by user activity, such as opening a decoy spreadsheet, Word document or enabling or lowering macro security standards in Microsoft Office when asked to do so by the malware."
Monrad stressed Dridex is much more than a simple key-logger targeting bank details, as the stolen data is often used to bulk up thriving underground marketplaces.
"One thing that is a bit misleading is that, while Dridex is responsible for stealing millions of pounds from bank accounts, the capabilities of Dridex are much more than just targeting bank accounts," said Monrad.
"The stolen information, if it can't be monetised by the cyber criminal, will end up being sold or auctioned on forums where buyers are looking for legitimate credentials to gain access to companies.
"This can also mean that a Dridex compromise can escalate from a financial risk for the company to a risk of losing sensitive information, such as research and development, merger and acquisition documents and other confidential information which can hurt business operations."
David Emm, principal security researcher at Kaspersky Lab, said that the latest Dridex attack, which has reportedly cost UK banking institutions up to £20m, uses a familiar entry point: email.
"As is typical for many banking trojans, Dridex enters the PC through an infected email and attachment, or in some cases an infected Word document. Essentially, this gives hackers a backdoor to conduct espionage, data exfiltration and remote control," he explained.
"Like a bug, once in the system hackers can move around until they find their point of interest. Ultimately, this means they can extract any data useful to them.
"We recommend home and business users ensure their systems are scanned for the malware and patched where necessary, immediately use internet security protection software for any future attacks, don't click on any suspicious emails or links and ensure passwords remain as secure as possible."
Emm called on internet users to remain extra vigilant and to ensure that computer systems are updated.
"Exploiting vulnerabilities in our passwords is a top priority for hackers and they are often our first line of defence when it comes to protecting online transactions," he said.
"In light of this recent attack, we need to make sure any passwords are changed and that we never use the same username and password on different sites, as this is key to giving cyber criminals easy access to bank and e-commerce accounts."
A slow process
Candid Wueest, threat researcher at Symantec, agreed that consumers have to beef up their online protection, as he warned that operations to curb the evolution of banking malware will not stop the problem.
"It is clear that these operations have had some success, but cutting off one head of the Hydra won't kill it," he warned.
Nevertheless, evidence suggests that the efforts have, at the very least, contributed towards a slowdown in financial trojans.
"Despite the criminals' best efforts, financial Trojan infections decreased by 35 percent in 2014, thanks in part to the efforts of different law enforcement agencies in cooperation with the security industry," said Wueest.
This is backed up by Symantec's State of Financial Trojans 2014 whitepaper, which showed that Dridex was the third largest financial threat last year, accounting for some 29,000 detections. Overall this was down 88 percent since 2012.
David Kennerley, senior manager for threat research at security firm Webroot, explained that the best way to halt Dridex attacks is to educate employees in cyber security.
"Attacks like these highlight the fact that no organisation is immune and that businesses really need to focus on educating employees," he said.
"Comprehensive security systems are the first step, but prevention through knowledge is the key to stemming the onslaught of the attacks we are seeing.
"Remember that the delivery mechanism for Dridex is a simple email with a macro-enabled attachment - as old school as it gets."
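The delivery mechanism Kennerley and Monrad describe, an email carrying a macro-enabled Office attachment, is something a mail gateway can flag before a user is ever asked to enable macros. The following is an added example, not code from the article or any of the vendors quoted; it builds a constructed sample message with a minimal .docm inline and flags attachments either by macro-enabled extension or by the presence of a vbaProject.bin entry inside an OOXML container (which also catches a macro document renamed to .docx).

```python
"""Flag e-mail attachments that carry Office VBA macros (added example)."""
import email
import io
import zipfile
from email.message import EmailMessage

# Extensions that Office reserves for macro-enabled documents.
MACRO_EXTS = (".docm", ".xlsm", ".pptm", ".dotm", ".xltm")


def has_vba_project(data: bytes) -> bool:
    """OOXML files are zip archives; a vbaProject.bin entry means VBA is embedded."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def suspicious_attachments(raw_eml: bytes) -> list:
    """Return (filename, reason) pairs for attachments worth quarantining."""
    msg = email.message_from_bytes(raw_eml)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body parts and the multipart container have no filename
        payload = part.get_payload(decode=True) or b""
        if name.lower().endswith(MACRO_EXTS):
            hits.append((name, "macro-enabled extension"))
        elif has_vba_project(payload):
            hits.append((name, "vbaProject.bin inside OOXML container"))
    return hits


def build_sample_eml() -> bytes:
    """Constructed sample: an invoice lure with a minimal .docm holding a VBA stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder VBA storage")
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"   # constructed addresses
    msg["To"] = "finance@example.invalid"
    msg["Subject"] = "Invoice 4471"
    msg.set_content("Please open the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="invoice.docm")
    return msg.as_bytes()
```

Run `suspicious_attachments(build_sample_eml())` to see the constructed lure flagged; in a gateway the same function would run over each inbound message.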
It remains clear that the spread of malware is increasingly difficult to combat and that, despite the joint operations of law enforcement, the security threat posed by highly evolved trojans will continue to haunt businesses and individuals on a global scale.