Security Advisor

'Dyre Wolf' Malware Steals Millions from Enterprises

Researchers at IBM have discovered an active attack campaign using a variation of the Dyre Trojan that has already stolen millions from organizations.

According to IBM, the campaign has used both malware and social engineering techniques to circumvent two-factor authentication security features of targeted enterprises. While the identities of those responsible are unknown, IBM Senior Threat Researcher John Kuhn said the group is well organized and talented.

"In this campaign, the attackers are several steps ahead of everyone," wrote Kuhn. "Even while casting a wide net to reel in victims via spear-phishing campaigns, these attackers are targeting organizations that frequently conduct wire transfers with large sums of money. It's also important to note that the majority of antivirus tools frequently used as an organization’s first line of defense did not detect this malware."

Kuhn said that those behind the Dyre Wolf malware are using spear phishing techniques in e-mails targeted at those inside specific enterprises for the initial infection. Once inside, the ring has been able to transfer between $500,000 and $1.5 million from victims. According to the report, all recent targets appear to be located outside the U.S. and have focused on organizations that regularly engage in large transactions.

While the variant of the Dyre Trojan appears to be new, IBM researchers have been following the root malware since its discovery in June of 2014. Since appearing on the scene, it has been used to attack high-profile targets including Citigroup, JPMorgan Chase and Bank of America. Its popularity among attackers has also exploded, with the infection rate increasing from 500 in June of last year to 3,500 by October.

IBM suggests that the best way to protect organizations from the Dyre Wolf and other variations is to increase user training and advise workers on safe online practices. However, Richard Blech, CEO of security firm Secure Channels, said that responsibility of avoiding this attack shouldn't only lie with end users.

"If the definition of technology is the application of scientific knowledge for practical purposes, especially in industry, why are we blaming the user for not knowing enough? Technology leaders need to stop blaming the user for inadequacies and 'needing training,'" said Blech in an e-mailed comment. "Our duty in the technology industry is to provide options for the user, based on innovation not blame.

Blech recommends that organizations increase their multi-factor authentication security with "... tokenized Identity using binary and biometrics resources which avoid outdated, easily hacked, and easily forgotten alphanumeric passwords of yesterday."

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

comments powered by Disqus

Subscribe on YouTube