The National Crime Agency (NCA) is urging internet users to enhance their security following the discovery of a sophisticated strain of the Dridex malware responsible for siphoning off millions of pounds from UK banks.
Attacks using the malware have resulted in up to £20m being stolen from UK banks, according to the NCA, and a joint operation between law enforcement and security researchers has been set up to combat the threat.
Dridex originated in eastern Europe and is used by cyber criminals to steal money from individuals and businesses across the world.
The malware typically uses a form of email phishing to spread, and has a number of variants. It steals sensitive information by taking screenshots of online forms and using a type of HTML injection to steal bank log-in details.
The stolen data is often sold on underground marketplaces on the dark web to fund further criminal activities.
The NCA is attempting to 'sinkhole' the malware by stopping infected computers from communicating with the cyber criminals controlling them. This activity is in conjunction with a US sinkhole being set up by the FBI.
Mike Hulett, head of operations at the NCA's Cyber Crime Unit, said: "This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes."
Crime agencies including the NCA, FBI, Europol and GCHQ have teamed up with security experts in a collaborative effort to take down the malware operation.
Furthermore, by working alongside authorities in Moldova, the operation has resulted in one arrest being made to date.
An indictment unsealed by the US Justice Department revealed that Andrey Ghinkul, 30, from Moldova, has been charged on nine counts, including criminal conspiracy, unauthorised computer access with intent to defraud, damaging a computer, wire fraud and bank fraud.
The US is now attempting to extradite Ghinkul, who was linked to a botnet known as Bugat, a variant of Dridex currently plaguing the UK.
The FBI teamed up with security experts at Trend Micro to take down numerous command-and-control (C&C) servers used by the Dridex botnet.
Unlike other forms of malware, Dridex is able to operate using a botnet-as-a-service business model and can run several networks, each identified by a number and containing a set of target banks.
"US law enforcement officials obtained court orders that resulted in the seizure of multiple servers used by Dridex. This crippled the malware's C&C network, which is used to send the stolen information to the cyber criminals and to download configuration files that include the list of targeted banks," reported Trend Micro.
FBI executive assistant director Robert Anderson urged all internet users to keep computer systems updated.
"Ensure you have up-to-date security software and think twice before clicking on links or attachments in unsolicited emails," he warned.
"Those who commit cybercrime are very often highly skilled and can be operating from different countries and continents. They can and will deploy new malware and we, along with our partners, are alive to this threat and are constantly devising new approaches to tackle cybercrime.
"Cyber criminals often reach across international borders, but this operation demonstrates our determination to shut them down no matter where they are."
James Maude, senior security engineer at Avecto, agreed that businesses need to be prepared to deal with potential malware attacks.
"In order to get ahead of the latest malware threats we need to accept that detection will fail, as antivirus is effective less than 50 percent of the time," he said.
"This latest malware campaign is a perfect example of the cat and mouse game that traditional reactive security solutions play with malware authors."
Dridex, which first came on the scene in 2014, quickly gained notoriety as the successor to GameoverZeus, a trojan spread via email that gives the attacker control over an infected system and access to its log-in credentials, banking details and system information.