The global cloud computing company is warning its customers that the Dyre Trojan might be used to target their login credentials. The Dyre banking Trojan, which typically targets customers of large financial institutions, was recently used in a large-scale, credential-phishing campaign targeting Bank of America, Citigroup, Royal Bank of Scotland and JPMorgan Chase customers. According to, there is no evidence that the attack was successful, nor that any of its customers have been impacted.

An Emerging Yet Rapidly Growing Trend

The use of the Dyre Trojan to target enterprise customers of is part of an emerging trend that has been rapidly growing over the last few years. So-called “banking Trojans” are no longer used only for targeting customers of large financial organizations — they are now increasingly used for targeting enterprises.

Trusteer, an IBM company, recently reported about another known banking Trojan, Citadel, which was used to target several petrochemical companies in the Middle East. The Citadel Trojan was instructed to wait until the user accesses any of the Internet-facing systems of the targeted organizations, such as Web mail, and grab all the information submitted by the user. This information would most likely include the user’s credentials, which would provide the attack with access to these systems.

In the past, banking Trojans like Zeus, Citadel, Shylock and now the Dyre Trojan were specifically designed to steal banking credentials and enable cybercriminals to commit financial fraud. They mainly used techniques like man-in-the-browser (MitB), or keylogging, to grab the user’s financial and personal information and enable fraudulent activities. Over the years, malware developers significantly extended the functionality of these Trojan families, creating new variants and extending their targets. Today these Trojans offer a wide range of powerful functions that allow cybercriminals to steal information from infected computers, gain access to networks to which these machines are connected and even gain full control over these machines.

The development of sophisticated new capabilities turns these Trojans into powerful advanced persistent threat (APT) tools. They are no longer focused solely on stealing personal and financial data from victims: These Trojans are now being used to target various organizations in search of sensitive business data, access to organizational systems and even access to operational systems.

Read the white paper: Proactive response to today’s advanced persistent threats

Massively Distributed Malware

Banking Trojans offer another advantage: They are massively distributed.

The use of massively distributed malware means that attackers don’t need to spear-phish targets or design custom malware. Instead, they use mass-distribution techniques to infect as many PCs as possible. These malware distribution campaigns can use malicious email attachments, drive-by downloads, watering hole attacks and social-engineering schemes to infect millions of PC around the world. The use of massively distributed malware allows cybercriminals to take advantage of millions of machines already infected with the Trojans.

In order to point these Trojans at new targets — in this case, enterprise organizations — the cybercriminal only needs to provide these Trojans with a new configuration file. The configuration file received from a command-and-control (C&C) server contains information about the targets as well as other operational details. The configuration file can also contain information about a new C&C the Trojan should start working with. This enables cybercriminals to repurpose existing Trojans on user machines as needed.

IBM Trusteer research found that, on average, one in 500 machines in the world is infected with massively distributed APT malware. Trusteer’s Security Services team reports that they discover massively distributed APT malware in every customer environment they work with. This means that any organization can become a target of these attacks. It is no longer a question of “if” machines will become infected; you must consider the possibility that some of the machines in your organization may already be infected. How will an infected user machine affect your organization?

Protecting Against Dyre and Other Massively Distributed APT Malwares

IBM Trusteer Endpoint Protection solutions, IBM Security Trusteer Apex Advanced Malware Protection and IBM Security Trusteer Rapport provide extensive protection against massively distributed APT malware families, including Dyre, Citadel, Zeus, SpyEye, Shylock and more. These solutions detect, mitigate and remediate massively distributed APT malware infections. Moreover, the IBM Trusteer Apex and Rapport solutions stop future infections and prevent endpoint compromise by applying integrated, multilayered defenses that break the threat life cycle. IBM Trusteer threat research is based on dynamic intelligence feeds from more than 100 million protected endpoints and translated into security updates that are automatically sent to protected endpoints.

Deployments of IBM Trusteer Endpoint Protection solutions are backed by Trusteer’s security services, which help enterprise organizations deal with massively distributed APT attacks and emerging threats.

More from Banking & Finance

Cost of a Data Breach: Banking and Finance

The importance of cybersecurity has touched almost every industry. Beyond that, robust cybersecurity is table stakes for several sectors, particularly health care and the banking and finance industry. Not only is financial data at risk, but so is customer trust. In banking and finance, trust means everything. Yet, consumers are hesitant to share their confidential data. A recent McKinsey survey revealed that no industry achieved a trust rating of 50% for data protection. Here’s the most sobering stat: 87% of…

What Do Financial Institutions Need to Know About the SEC’s Proposed Cybersecurity Rules?

On March 9, the U.S. Securities and Exchange Commission (SEC) announced a new set of proposed rules for cybersecurity risk management, strategy and incident disclosure for public companies. One intent of the rule changes is to provide “consistent, comparable and decision-useful” information to investors. Not yet adopted, these new rules – published in the Federal Register on March 23 – could change reporting requirements. Take a look at some of the big-ticket items and what your organization needs to know.…

SEC Proposes New Cybersecurity Rules for Financial Services

Proposed new policies from the Securities and Exchange Commission (SEC) could spell changes for how financial services firms handle cybersecurity. On Feb. 9, the SEC voted to propose cybersecurity risk management policies for registered investment advisers, registered investment companies and business development companies (funds). Next, the proposal will go through a public comment period until May 9.  The Importance of Cybersecurity in Finance The 2021 X-Force Threat Index found that financial services were the most targeted industry. Manufacturing beat out…

Top Security Concerns When Accepting Crypto Payment

From Microsoft to AT&T to Home Depot, more companies are accepting cryptocurrency as a way to pay for products and services. This makes perfect sense as crypto coins are a viable revenue source. Perhaps the time is ripe for businesses to learn how to receive, process and convert crypto payments into fiat currency. Still, many questions remain. How can you safely enable customers to pay with Bitcoin or other digital currency? What are the security risks that come with cryptocurrency? Let’s…