

Since it was first detected in November 2014, Dridex has been one of the most prolific pieces of malware worldwide. Even when the actors behind distribution of Dridex began distributing Locky ransomware in February 2016, they would often switch between the two payloads or distribute them simultaneously. More recently, though, Dridex email message volumes have dropped to a relative trickle, and a new geography of interest, Switzerland, has emerged. The much lower volume suggests a higher degree of targeting, freeing the actors to pursue more lucrative malware attacks and leverage stolen information more effectively. In this post we’ll investigate the recent Dridex campaigns, including their message volumes and targeting, and provide possible reasons for changes in the mode of operation.

Throughout July and August 2016, we have tracked a number of very small Dridex attachment campaigns, varying from single digits to a couple thousand messages each. On August 15 and 16, the largest observed campaign since the middle of June delivered tens of thousands of messages, primarily targeting financial services and manufacturing organizations. However, this volume does not even approach the multimillion-message campaigns of May 2016. Figure 1 shows relative message volumes for Dridex campaigns over the last two months.

Figure 1: Indexed relative Dridex message volumes since mid-June 2016
