IBM has exposed a sophisticated fraud scheme which used a combination of new malware and old-fashioned social engineering to rob companies of more than $1 million.
IBM security researchers have named the new malware “The Dyre Wolf”. It is a version of the Dyre malware that is specifically used for targeting online banking websites.
According to the IBM researchers, the Dyre Wolf attack starts when an e-mail containing the malware is sent to an employee of the targeted enterprise. Once the e-mail is opened, the malware contacts the attacker’s server, then downloads and installs the Dyre malware, which hijacks the user’s address book and mails itself throughout the organization.
When a victim with an infected computer attempts to log in to a banking site monitored by the malware, the malware shows a new screen that says the site is experiencing issues and instructs the user to call the bank at a number used by the attacker.
If users call that number, they get through to an English-speaking operator who already knows what bank the users think they are contacting. The operator then cons the user into giving up their banking details, which are then used to initiate a wire transfer to take money out of the relevant account.
The attacker finishes the attack by mounting a distributed denial-of-service attack that prevents anyone from investigating the wire transfer until it has already been completed.
The use of a live phone operator is what makes the Dyre Wolf scam one of a kind, said Caleb Barlow, vice president of IBM Security.
“What’s very different in this case, is we saw a pivot of the attackers to use a set of social engineering techniques that I think are unprecedented,” said Barlow.
“The focus on wire transfers of large sums of money really got our attention.”
To avoid falling victim to the Dyre Wolf scheme, IBM recommends that companies train their employees to spot phishing attacks and never to provide banking credentials to anyone.