Security Advisor

'Dyre Wolf' Malware Steals Millions from Enterprises

Researchers at IBM have discovered an active attack campaign using a variation of the Dyre Trojan that has already stolen millions from organizations.

According to IBM, the campaign has used both malware and social engineering techniques to circumvent two-factor authentication security features of targeted enterprises. While the identities of those responsible are unknown, IBM Senior Threat Researcher John Kuhn said the group is well organized and talented.

"In this campaign, the attackers are several steps ahead of everyone," wrote Kuhn. "Even while casting a wide net to reel in victims via spear-phishing campaigns, these attackers are targeting organizations that frequently conduct wire transfers with large sums of money. It's also important to note that the majority of antivirus tools frequently used as an organization’s first line of defense did not detect this malware."

Kuhn said that those behind the Dyre Wolf malware are using spear phishing techniques in e-mails targeted at those inside specific enterprises for the initial infection. Once inside, the ring has been able to transfer between $500,000 and $1.5 million from victims. According to the report, all recent targets appear to be located outside the U.S. and have focused on organizations that regularly engage in large transactions.

While the variant of the Dyre Trojan appears to be new, IBM researchers have been following the root malware since its discovery in June of 2014. Since appearing on the scene, it has been used to attack high-profile targets including Citigroup, JPMorgan Chase and Bank of America. Its popularity among attackers has also exploded, with the infection rate increasing from 500 in June of last year to 3,500 by October.

IBM suggests that the best way to protect organizations from the Dyre Wolf and other variations is to increase user training and advise workers on safe online practices. However, Richard Blech, CEO of security firm Secure Channels, said that responsibility of avoiding this attack shouldn't only lie with end users.

"If the definition of technology is the application of scientific knowledge for practical purposes, especially in industry, why are we blaming the user for not knowing enough? Technology leaders need to stop blaming the user for inadequacies and 'needing training,'" said Blech in an e-mailed comment. "Our duty in the technology industry is to provide options for the user, based on innovation not blame.

Blech recommends that organizations increase their multi-factor authentication security with "... tokenized Identity using binary and biometrics resources which avoid outdated, easily hacked, and easily forgotten alphanumeric passwords of yesterday."

About the Author

Chris Paoli is the site producer for and


  • Windows 10 Mobile To Fall Out of Support in December

    Microsoft will end support for the Windows 10 Mobile operating system on Dec. 10, 2019, according to an announcement.

  • Get More Out of Your Outlook Inbox with TakeNote

    Brien comes across a handy, but imperfect, feature in Outlook that lets you annotate specific e-mails. Its provenance is something of a mystery, though.

  • Microsoft Resumes Rerelease of Windows 10 Version 1809

    Microsoft on Wednesday once more resumed its general rollout of the Windows 10 version 1809 upgrade, also known as the "October 2018 Update."

  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.