One of the worst examples of financial malware appears to have fallen silent after its operators were reportedly arrested in Moscow following a rare raid by the Federal Security Service of the Russian Federation (FSB).
Reuters reports Russian police raided Moscow film studio 25th Floor and a neighbouring office in November. Western law enforcement authorities are apparently aware of the incident, but Moscow has kept mum, with requests to the FSB for comment unanswered at the time of writing.
The Register has inquired with police and threat intelligence sources previously tracking the malware group.
Little is known about the gang behind the Dyre malware. It is understood to have links to the FBI's most wanted cyber criminal Evgeniy Mikhailovich Bogachev, aka Slavik, who switched to the crimeware after his pet project Gameover was taken down in raids by authorities.
The malware is an advanced trojan capable of evading white hat analysis tools and antivirus products, and it was spreading rapidly last year. Its activity declined as 2015 wore on, then fell silent in November.
It is known to be responsible for inflicting tens of millions of dollars in damages on Western banks and businesses in the US, the UK, and Australia, spreading through dozens of separate spam and phishing campaigns since June 2014.
In May, Dyre was fingered for the theft of some US$5.5 million from budget carrier RyanAir, and it has fleeced individual businesses of up to $1.5 million each through large-scale wire transfers made with stolen online banking credentials.
Dyre flatlines. Image: IBM.
IBM analysis shows Dyre activity flatlined in November after a steady decline that began in October. Sudden silence from malware operators is generally a hallmark of arrests in the cybercrime world, but an intentional hiatus is not without precedent.
Researchers from Russia's Kaspersky Labs reported that the Carbanak gang had resumed campaigns with renewed gusto after falling silent for five months last year, a period during which analysts assumed the gang had disbanded.
Dyre’s domination. Image: IBM.
IBM security expert Limor Kessem suggests the dearth of activity lends credibility to the reported arrests.
“It has been close to three months now since Dyre went silent,” Kessem says.
“This in and of itself could have been a pause taken by its operators, an occurrence that happens from time to time.
“But cybercrime gangs like Dyre do not typically stay out of the game for three whole months unless they are in trouble.”
Kessem says the arrests, if confirmed, would be among the most significant in Russia's history.
“A world without Dyre would definitely be safer for the financial sector in just about every country where the malware regularly attacked banks,” she says. “But Dyre’s absence will also give a bigger market share to other malware.” ®