Recently, IBM Security reported on an active cyber attack campaign they called “Dyre Wolf.” This attack shows incredible innovation in using a form of malware called ‘Dyre’ along with spearfishing, phishing, social engineering, and Denial of Service (DDoS) attacks in various combinations. As part of the infection, the Dyre malware establishes a persistent service running on a victim’s computer called “Google Update Service.” This service is set to run automatically every time the system starts. At some point, a screen will pop up telling users that the bank’s site is down, and to call a certain phone number. When the victim calls this number, English-speaking cybercriminals extract banking details from the callers. After this, large wire transfers are made from the compromised account. The money is moved in and out of various international bank accounts until finally cashed out by mules. As money is being moved, some victims also experience a DDoS attack so they are unable to use their web resources. The thefts are discovered too late to do anything about them.
What can you do about this? First, realize that your organization is only as strong as your weakest link. Proactive education and security awareness are critical. Secondly, consider performing mock phishing attacks on your employees to see where your weaknesses are–you’ll learn a lot. Educate your employees on basic cyber security. Then, run the mock phishing attack again later to see if you’ve made any improvements and adjust. Last, train employees in charge of corporate banking to never provide banking credentials to anyone.
