IcedID targets the U.S. and Canadian banks

Delaware, USA – November 14, 2017 – Cybercriminals' arsenal has expanded with the banking Trojan IcedID. It was discovered by researchers from IBM X-Force, who argue that it is not a modification of any existing malware but an entirely new family. IcedID has targeted North American banks, and it is distributed via a botnet associated with another malware, Emotet, which in this case serves to deliver IcedID to already compromised systems. The banking Trojan leverages both a sophisticated redirection scheme and web injection attacks. In addition, it carries a toolset for network propagation and for infecting terminal servers, so it poses a significant threat to organizations.

Attackers continue to improve this banking Trojan. It was first discovered in September 2017, and within two months its functionality had expanded significantly; the modular code of this malware allows adversaries to adapt it to the goals of their campaign. Protection from modern threats requires a proactive approach to detection tools, since signature-based antivirus solutions cannot find completely new malware. You can register in Use Case Cloud and get content for QRadar, ArcSight and Splunk, which provides your SIEM with capabilities to quickly detect significant security incidents and reduce the number of false positives.