Security Advisor
'Dyre Wolf' Malware Steals Millions from Enterprises
Researchers at IBM have discovered an active attack campaign using a variation of the Dyre Trojan that has already stolen millions from organizations.
According to IBM, the campaign has used both malware and social engineering techniques to circumvent two-factor authentication security features of targeted enterprises.
While the identities of those responsible are unknown, IBM Senior Threat Researcher John Kuhn said the group is well organized and talented.
"In this campaign, the attackers are several steps ahead of everyone," wrote Kuhn. "Even while casting a wide net to reel in victims via spear-phishing campaigns, these attackers are targeting organizations that frequently conduct wire transfers with large sums of money. It's also important to note that the majority of antivirus tools frequently used as an organization's first line of defense did not detect this malware."
Kuhn said that those behind the Dyre Wolf malware are using spear-phishing e-mails targeted at people inside specific enterprises for the initial infection. Once inside, the ring has been able to transfer between $500,000 and $1.5 million from victims. According to the report, all recent targets appear to be located outside the U.S., and the attackers have focused on organizations that regularly engage in large transactions.
While the variant of the Dyre Trojan appears to be new, IBM researchers have been following the root malware since its discovery in June of 2014. Since appearing on the scene, it has been used to attack high-profile targets including Citigroup, JPMorgan Chase and Bank of America. Its popularity among attackers has also exploded, with the infection rate increasing from 500 in June of last year to 3,500 by October.
IBM suggests that the best way to protect organizations from the Dyre Wolf and other variations is to increase user training and advise workers on safe online practices. However, Richard Blech, CEO of security firm Secure Channels, said that the responsibility of avoiding this attack shouldn't lie only with end users.
"If the definition of technology is the application of scientific knowledge for practical purposes, especially in industry, why are we blaming the user for not knowing enough? Technology leaders need to stop blaming the user for inadequacies and 'needing training,'" said Blech in an e-mailed comment. "Our duty in the technology industry is to provide options for the user, based on innovation not blame."
Blech recommends that organizations increase their multi-factor authentication security with "... tokenized Identity using binary and biometrics resources which avoid outdated, easily hacked, and easily forgotten alphanumeric passwords of yesterday."