According to IBM threat researchers, the attack starts with a single user opening an infected email attachment. Once opened, that malware contacts the attacker's server then downloads and installs the Dyre malware which hijacks the user's address book and mails itself throughout the organization.
Then things get real fun. When a victim with an infected computer attempts to log in to a banking site monitored by the malware, it throws up a new screen that says that the site is experiencing issues and presents a phone number for that person to call to make their transaction. Once the attackers have all the information, a wire transfer is made that runs through a series of international banks to thwart authorities.
The entire attack relies on social engineering. The victims have to open the initial attachment and make the phone call that could cost their company a lot of money. This circumvents passwords and two-factor authentication because it goes around the digital entrance and gets critical information directly from the victim. IBM recommends companies train their employees to never open or click suspicious attachments or links and to remind employees that banks will never ask them for their banking credentials.
[Image Credit: IBM]