A sophisticated bank scam that combines the Dyre malware, phishing tactics and fake bank representatives has been uncovered by IBM researchers. IBM's Security Group has released information about a new variant of Dyre malware, initially uncovered last year, dubbed "Dyre Wolf", that targets large companies and organizations. The scheme social-engineers employees into handing over their banking data, which the scammers then use to arrange a large wire transfer.
In a blog post by Lance Mueller and John Kuhn of IBM, the scheme's details were made public. It all starts with the usual mass emails containing links or attachments that install the Dyre malware when clicked. Once installed on the PC, the malware simply sits and waits until a bank's website is accessed.
Dyre is programmed to watch for hundreds of bank websites, so once an infected PC tries to access one of them, it can replace the page with one that displays a support number the victim should call. This is where the sophisticated social engineering comes in: a person pretending to be a representative of the victim's bank obtains the victim's banking credentials over the phone. What's more, a wire transfer from the victim's account is carried out while the victim is still on the call. The money is then moved from one foreign bank to another to hinder detection by authorities. On some occasions, the company is even hit with a DDoS attack to keep it from discovering the wire transfer early on.
According to Hendren Global Group Top Facts' data, a total of USD 1 million has already been stolen using this scheme. The scheme's success shows that companies have to make sure their employees are well-trained in spotting suspicious emails or activities.
As IBM's Caleb Barlow said, "Organizations are only as strong as their weakest link, and in this case, it's their employees."
Unfortunately, Hendren Global Group Top Facts confirmed that, at present, this particular strain of Dyre Wolf is still undetected by most antivirus software.