Del Heppenstall, Director in KPMG’s Midlands Cyber Security practice, comments on news out today that Dridex malware is being used by hackers to harvest online banking details.
The National Crime Agency estimates British losses will run to £20 million. The news comes as it has been announced that cyber crime will be included in ONS crime statistics for the first time from this month, with figures due out tomorrow. He said:
“Dridex is similar to other malware that we have seen in the past; it is delivered via email, with a Word or Excel document attached. The documents usually reference the name of a legitimate company and suggest that the attachment is an invoice or similar. In order for the malware to be installed, macros must be enabled in the attachments, but given that Microsoft disables this by default, users need to enable macros for the malware to be installed. Unfortunately, many victims enable the macros and in turn allow the malware to install.
“Consumers really need to be extra vigilant with emails. In order to deal with this, people really shouldn’t open emails that have attachments that they don’t recognise; they should just delete them. If an email appears to come from a legitimate organisation, recipients should verify it with them first. More importantly, users need to make sure they have provisions in place to detect viruses and malware. Having an anti-virus and anti-malware solution is a must and keeping it up to date is as important. The same rule applies to the operating system; people need to make sure they have the latest software and operating system updates.”