Anyone who has been paying attention to the latest cybersecurity news might have noticed a big story breaking in early December. Two Russian hackers were indicted in what is considered to be the largest cybercrime spree in history.
Maksim Yakubets and Igor Turashev are the leaders of Evil Corp, a hacking organization, thought to be responsible for an estimated $70 to $100 million in theft from bank accounts across the US. Their victims have ranged from large corporations to small organizations, school districts, and even a town in Massachusetts.
This case sheds light on the state of cybersecurity, the audacity of hackers, and all the reasons why a strong cybersecurity plan is so critical. Read on to learn about how Yakubets and Turashev have gotten away with draining bank accounts since 2009 and what organizations can do right now to avoid falling prey.
The Rise of Multi-Million Dollar (and Victim) Schemes
The US Justice and Treasury departments believe that far more than $100 million was stolen from Americans over the past decade. The 32-page criminal complaint estimates that the real number of stolen bank funds may lie somewhere around $220 million, with additional business losses exceeding another $75 million.
How did they get away with this? Yakubets and Turashev have been active since 2009. Their career began with the deployment of several pieces of malware—most notably “ZeuS.” The ZeuS malware infected business computers with keylogging software specifically designed to capture passwords, account numbers, and other credentials, which were then used to make fraudulent transfers from victims’ bank accounts to offshore accounts held by Evil Corp. ZeuS was extremely successful, even managing to get installed on government-owned computers in Egremont, Massachusetts.
In 2015, Evil Corp repeated the exercise with “Dridex,” a malware that performed much the same functions as ZeuS. However, unlike ZeuS, Dridex was designed to evade the most common antivirus software. It also targeted cryptocurrency wallets.
Both ZeuS and Dridex spread through phishing emails—counterfeit emails designed to trick users into handing over credentials. Users would be presented with a Microsoft Word or Excel document that appeared to be an invoice or a receipt, depending on whether the target was an individual or a business. Once opened, the malware exploited macros native to Microsoft Office to install itself on the computer.
As of 2019, Dridex remains active. CISA notes that many derivatives of Dridex have sprung up, both put out by Evil Corp and by others who have sought to harness this effective malware. Although it primarily affects the private financial industry, Dridex and its derivatives have become the second most active malware on the internet, with ZeuS remaining a close third.
How to Protect a Business Against Phishing Attacks in 2020
In 2019, phishing was the number one cybersecurity threat—at least 32 percent of all attacks involved phishing. Likewise, it’s estimated that one in 99 emails received by employees includes a phishing attempt. Therefore, consider one or all of the following best practices to protect a business against a phishing attack:
- Forbid employees from inserting links into emails or clicking on links in emails. Links can be easily masked to look like a legitimate URL. Instead, train employees to navigate to safe login URLs via their web browser. Reinforce this habit by disallowing links in internal emails.
- Encourage people to reach out to colleagues via other ways if they think an email is suspicious. Call, text, or physically confirm that an email is legitimate before interacting with it.
- Use a secure web browser. Google Chrome sandboxes each of its browser tabs, so even if a virus gets out of an email, it may not be able to get out of the browser.
- Use modern antivirus and malware detection software. Make sure security software like the antivirus is up-to-date and working with the latest virus databases.
- Encourage employees to report instances of phishing. Train employees to inform the IT department of phishing attempts. Your IT team should be keeping a record of these attempts to spot patterns or consistent senders and build a better training model for the future.
- Create an email communication policy. Lay out who can send emails, what can be sent, when employees might expect to receive emails from superiors, and where they can log into work emails.
Stay Up-to-Speed With Cybersecurity News with CDS
Cybersecurity news is full of successful breaches and million-dollar losses sustained by massive corporations. It also offers glimpses into the actual workings of cybercriminals. By studying the work of Evil Corp, organizations can become more familiar with just how and why these attacks are so damaging.
ZeuS and Dridex were built on an aggressive phishing campaign, a type of cyberattack that remains common today. Therefore, by following the best practices against phishing, a business can better prepare to thwart the next attack that comes.
Does your cybersecurity strategy need an upgrade? Contact CDS today to discuss your goals and challenges.