This article originally appeared at The WHIR
Hackers have stolen millions of dollars from targeted companies with a malware campaign that IBM calls The Dyre Wolf. On Thursday, IBM security intelligence researchers released a report featuring a twist on Dyre malware that allows criminals to “go for the bigger payout.” IBM says organizations have lost amounts ranging from $500,000 to $1.5 million.
The Dyre banking trojan has been in use since 2014. This recent variation has criminals using social engineering techniques to circumvent security measures such as two-factor authentication. Two-factor authentication is a simple yet effective security measure, and issues with it are also what allowed hackers to breach the JP Morgan network.
The infection rate for systems with Dyre in October 2014 grew from 500 cases to almost 3,500. “From an initial infection via the Upatre malware through a spear-phishing email to a distributed denial-of-service (DDoS) attack, the criminals carrying out this latest string of attacks are using numerous sophisticated techniques,” according to the report. “However, social engineering and the resulting banking credentials theft is the focus of this new campaign and is ultimately what is used to illicitly transfer money from victims’ accounts.”
“As we continue to see, cybercriminals grow in resourcefulness and productivity at alarming rates. They are sharing expertise on a global scale via the Deep Web and launching carefully planned, long-term attacks to attain the highest return on investment.”
According to a report released by FireEye’s Mandiant division, cybercriminals can use a phishing attack to gain access to employee credentials and send messages from internal email accounts in as little as 30 minutes. Spear phishing and how to protect against it was the topic of a recent WHIR podcast with cybersecurity expert Orlando Scott-Cowley.
The Dyre Wolf attack works in the typical way: a spear-phishing email is opened, the payload is downloaded, and the malware waits until the victim logs in to a bank account. Here is where the advanced social engineering comes into play. The software then tricks the victim into calling a “customer service” number, where they then reveal banking information to a criminal. The attackers then wire the money and have it bounce between foreign accounts to avoid law enforcement. The attack finishes with a DDoS attack on the computer to prevent immediate investigation until it’s too late.
It is easy to see how financial motivation plays a role in cyberattacks with so much credit card and social security number information stored in accounts. In the last year, hacks at Anthem, JP Morgan, Home Depot, Kmart, Dairy Queen, Xbox, Sony and ICANN have exposed millions of credit card numbers, social security numbers, email addresses, passwords and financial information.