Dridex banks dark web hackers
The Dridex malware that stole millions from UK bank customers could have been better monitored if banks monitored hacker sites for emerging threats, according to ex-MI5 chief Lord Evans

The former head of MI5 has said banks should use the dark web to stay ahead of hackers, citing a lack of "forward awareness" about the Dridex malware that syphoned tens of millions of pounds from customers' bank accounts. Lord Jonathan Evans, who now serves as a non-executive director at HSBC, said banks needed to invest more in intelligence capabilities but refused to reveal whether HSBC customers had been targeted by criminals in the Dridex campaign.

What is Dridex?

Dridex is a type of malware that allows criminals to spy on victims' computers to steal personal data, including online bank passwords and login details. It was first uncovered by researchers in November 2014, and an investigation by the FBI and the UK's National Crime Agency led to the authors of the malware being exposed.

The malware can infect computers (so far no incidents with smartphones have been reported) through emails containing attachments purporting to be a document, such as a Microsoft Office file. Once opened, a small "macro" program is triggered that then downloads the Dridex payload.

"Those players in the industry who are at the leading edge are the ones who have really invested in their intelligence capabilities - both on their own networks and also in a much more forward-leaning approach to understanding what's happening on hacker sites in terms of developing capabilities," Evans said at the Good Exchange Cybersecurity Summit in London on Wednesday (14 October) in response to a question from IBTimes UK. "That is something where I think there is still work to do.

"Certainly giving yourself that forward awareness so that you're not waiting to see what arrives, you are out there trying to find out what might arrive, I think is quite a game changer. But it does require quite a lot of maturity in your systems in order to do that and it can be quite difficult for some companies to do that."

Since it was first discovered by security researchers in 2014, Dridex has been used by hackers to harvest online banking details from British bank accounts in order to steal more than £20m ($31m). An investigation led by the Federal Bureau of Investigation (FBI) and the UK National Crime Agency (NCA) revealed this week that the malware has infected tens of thousands of computers across 27 different countries, targeting both large and small financial institutions.

The law enforcement agencies have since seized the Dridex botnet that was used to spread the malware; however, cybersecurity experts have warned the software still exists. Others have said similar software could emerge from the dark web. In order to prevent similar attacks in the future, Evans reiterated the need for financial institutions to prioritise threat awareness.

"Different banks have different levels of maturity on this," he said. "Those who are at the front of the pack, the area that they really made a big difference was through developing their threat awareness. I think threat awareness is the game changer here. The more you rely on just a great big firewall around your bank and hope for the best, the less likely you are, it seems to me, to get ahead of the threat."

Evans' comments have been echoed by security researchers. In an emailed comment to IBTimes UK, Richard Beck, head of cybersecurity at QA, said: "The dark web is increasingly at the forefront of criminal innovation. Tapping into this hidden part of the Internet is the next chapter in the cat and mouse game of cybercrime being played out by the hackers and the IT security teams who continually try to catch them. Having an understanding of how the dark web works is the first step in being able to combat the illegal activities that go on there."