Menu
Dyreza malware steals IT supply chain credentials

Dyreza malware steals IT supply chain credentials

The Trojan targets websites of companies that provide order fulfillment, warehouse management, wholesale computer distribution and other services.

Cyber-criminals using the Dyreza computer trojan appear to be shifting gears from online banking and moving into the industrial supply chain.

New versions of Dyreza are configured to steal credentials for order fulfillment, warehousing, inventory management, e-commerce and other IT and supply chain services. This represents a deliberate strategy on the part of attackers to target new industries at all points across the supply chain, researchers from security firm Proofpoint said in a blog post.

"We suspect a financial motivation," they said. "Once an attacker has obtained login credentials for their targeted systems, the potential to harvest payment information, make fraudulent financial transfers, and even divert physical shipments is immense."

Dyreza first appeared in June 2014 and was originally designed to steal online banking credentials by injecting its code into the local browser processes and monitoring login sessions. This attack technique is known as man-in-the-browser (MITB) and is commonly used by online banking trojans.

However, the attackers behind Dyreza have quickly developed an interest in more types of accounts. Over time, the trojan's target list was expanded to include job hunting, file hosting, domain registration, website hosting, tax services and online retail websites. In September 2014, Salesforce.com issued an alert to customers that Dyreza is targeting Salesforce credentials.

Last month, the Proofpoint researchers spotted over thirty new websites in the trojan's hit list. They belong to fulfillment and warehousing service providers; wholesale computer distributors and companies that offer inventory management, credit card processing, print distribution, print management, marketing, information management, storage and other IT services. Shopify, Apple and Iron Mountain are on the list.

"This latest evolution of Dyreza should dispel once and for all the myth that only financial institutions are targeted by credential-stealing MITB attacks from this malware strain."

The trojan is distributed through well-crafted email attacks that include documents with malicious macro scripts embedded in them.

In one example, attackers sent an email masquerading as a secure message from a bank. The attached Word document included the bank's logo and address, the date and what looked like an encrypted block of text. The page also has a "Secured by RSA" logo and the instruction to click on the "Enable Content" button in order to view the message.

Clicking on the "Enable Content" button does not decrypt the text. Instead, it executes the embedded macro script which downloads and installs Dyreza.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments