Guard Your Sheep, The Dyre Wolf is Coming
IBM announced this week that it had uncovered a highly-sophisticated scheme to steal funds from medium to large U.S.-based companies. The scheme dubbed “The Dyre Wolf” only targets companies, unlike past schemes which also targeted individuals. Each attack has resulted in corporate theft of $500,000 to $1.5 million, none of which has been recovered. If this amount does not cause corporate executives to stand and take notice, the level of sophisticated tactics used in the scheme should.
While Dyre banking malware has been around since 2014, The Dyre Wolf is unique as it uses an unparalleled set of social engineering techniques to carry out the attack. According to John Kuhn, Senior Threat Researcher at IBM Managed Security Service, it also specifically targets “organizations that frequently conduct wire transfers of large sums of money.” The Dyre Wolf starts its attack with a traditional phishing email that contains an unsafe link or attachment. Once the email is accessed, the Dyre program is installed on the computer. The criminals then sit back and wait for company employees to access a bank website. If a bank website is accessed, an on-screen prompt will alert the user that the website is not working. The employee is then given a fake telephone number so that he/she can call the bank and conduct the transaction. Brazenly, a live English-speaking individual is on the other end of the phone line. The wire transfer and banking information is then given over the phone, and the fraudulent transaction is completed almost immediately. The money then travels down a maze of bank transfers ensuring that it is extremely difficult, if not impossible, to find.
This type of scheme is not run by the Gen-Y’er living in mom’s basement. The Dyre Wolf is likely run by a highly-organized cybercrime organization with the finances and manpower to evolve and implement a series of these schemes around the world.
So what does this mean for companies? The Dyre Wolf is likely a window into the type of cyber-attack companies will see in the future. As a result, companies should keep a few things in mind. This, and similar schemes, are dependent upon an individual opening a link or attachment from a fake source as part of a phishing email. Without someone falling for the phishing email, the malware cannot be installed on the computer. Employers should diligently train employees not to open suspicious links or attachments. Employers should also consider implementing training exercises to assist employees in identifying and reporting suspicious emails. Employees should also be repeatedly trained to never give out sensitive company information to unknown and unverified individuals.Margaret H. Loveman