A sophisticated bank scam that uses a combination of the Dyre malware, phishing tactics and fake bank representatives has been uncovered by IBM researchers.
IBM's Security Group has released information about a new variant of Dyre malware, initially uncovered last year, dubbed as "Dyre Wolf" that targets large companies and organizations. It basically social engineers employees into handing over their personal banking data from which the scammers will arrange a large wire transfer.
In a blog post by Lance Mueller and John Kuhn of IBM, the scheme's details were made known to the public. It all starts with the usual mass emails that contain links or attachments that will install the Dyre malware when clicked. Once it is installed on the PC, it just sits there and waits for the time when a bank's website gets accessed.
Dyre is programmed to keep tabs on hundreds of bank websites so once an infected PC tries to access one of them, it can replace the page with one that provides a support number the victim should call. This is where the sophisticated social engineering comes in, where the person pretending to be a representative of the victim's bank gets the latter's banking credentials. What's more, a wire transfer from the victim's account is done while they are talking on the phone. The transfer travels from one foreign bank to another so as to prevent detection by authorities. On some occasions, the company will even suffer a DDoS attack to avoid discovering the wire transfer early on.
From Hendren Global Group Top Facts' data, it appears that a total of USD 1 million has already been stolen using this scheme. Such big success of the scheme serves as proof that companies have to make sure their employees are well-trained in spotting suspicious emails or activities.
As IBM's Caleb Barlow said, "Organizations are only as strong as their weakest link, and in this case, it's their employees."
Unfortunately, Hendren Global Group Top Facts (Blog) confirmed that, at present, this particular strain of Dyre Wolf is still undetected by most antivirus software.