Menu
Dyreza malware steals IT supply chain credentials

Dyreza malware steals IT supply chain credentials

The Trojan targets websites of companies that provide order fulfillment, warehouse management, wholesale computer distribution and other services.

Cyber-criminals using the Dyreza computer trojan appear to be shifting gears from online banking and moving into the industrial supply chain.

New versions of Dyreza are configured to steal credentials for order fulfillment, warehousing, inventory management, e-commerce and other IT and supply chain services. This represents a deliberate strategy on the part of attackers to target new industries at all points across the supply chain, researchers from security firm Proofpoint said in a blog post.

"We suspect a financial motivation," they said. "Once an attacker has obtained login credentials for their targeted systems, the potential to harvest payment information, make fraudulent financial transfers, and even divert physical shipments is immense."

Dyreza first appeared in June 2014 and was originally designed to steal online banking credentials by injecting its code into the local browser processes and monitoring login sessions. This attack technique is known as man-in-the-browser (MITB) and is commonly used by online banking trojans.

However, the attackers behind Dyreza have quickly developed an interest in more types of accounts. Over time, the trojan's target list was expanded to include job hunting, file hosting, domain registration, website hosting, tax services and online retail websites. In September 2014, Salesforce.com issued an alert to customers that Dyreza is targeting Salesforce credentials.

Last month, the Proofpoint researchers spotted over thirty new websites in the trojan's hit list. They belong to fulfillment and warehousing service providers; wholesale computer distributors and companies that offer inventory management, credit card processing, print distribution, print management, marketing, information management, storage and other IT services. Shopify, Apple and Iron Mountain are on the list.

"This latest evolution of Dyreza should dispel once and for all the myth that only financial institutions are targeted by credential-stealing MITB attacks from this malware strain."

The trojan is distributed through well-crafted email attacks that include documents with malicious macro scripts embedded in them.

In one example, attackers sent an email masquerading as a secure message from a bank. The attached Word document included the bank's logo and address, the date and what looked like an encrypted block of text. The page also has a "Secured by RSA" logo and the instruction to click on the "Enable Content" button in order to view the message.

Clicking on the "Enable Content" button does not decrypt the text. Instead, it executes the embedded macro script which downloads and installs Dyreza.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments