Menu
Dyreza malware steals IT supply chain credentials

Dyreza malware steals IT supply chain credentials

The Trojan targets websites of companies that provide order fulfillment, warehouse management, wholesale computer distribution and other services.

Cyber-criminals using the Dyreza computer trojan appear to be shifting gears from online banking and moving into the industrial supply chain.

New versions of Dyreza are configured to steal credentials for order fulfillment, warehousing, inventory management, e-commerce and other IT and supply chain services. This represents a deliberate strategy on the part of attackers to target new industries at all points across the supply chain, researchers from security firm Proofpoint said in a blog post.

"We suspect a financial motivation," they said. "Once an attacker has obtained login credentials for their targeted systems, the potential to harvest payment information, make fraudulent financial transfers, and even divert physical shipments is immense."

Dyreza first appeared in June 2014 and was originally designed to steal online banking credentials by injecting its code into the local browser processes and monitoring login sessions. This attack technique is known as man-in-the-browser (MITB) and is commonly used by online banking trojans.

However, the attackers behind Dyreza have quickly developed an interest in more types of accounts. Over time, the trojan's target list was expanded to include job hunting, file hosting, domain registration, website hosting, tax services and online retail websites. In September 2014, Salesforce.com issued an alert to customers that Dyreza is targeting Salesforce credentials.

Last month, the Proofpoint researchers spotted over thirty new websites in the trojan's hit list. They belong to fulfillment and warehousing service providers; wholesale computer distributors and companies that offer inventory management, credit card processing, print distribution, print management, marketing, information management, storage and other IT services. Shopify, Apple and Iron Mountain are on the list.

"This latest evolution of Dyreza should dispel once and for all the myth that only financial institutions are targeted by credential-stealing MITB attacks from this malware strain."

The trojan is distributed through well-crafted email attacks that include documents with malicious macro scripts embedded in them.

In one example, attackers sent an email masquerading as a secure message from a bank. The attached Word document included the bank's logo and address, the date and what looked like an encrypted block of text. The page also has a "Secured by RSA" logo and the instruction to click on the "Enable Content" button in order to view the message.

Clicking on the "Enable Content" button does not decrypt the text. Instead, it executes the embedded macro script which downloads and installs Dyreza.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments