Latest in Dyrewolf

Image credit:

Dyre Wolf attack swipes $1 million in wire transfers

509 Shares
Share
Tweet
Share
Save

Sponsored Links

Hackers continue their brazen attacks on organizations and are even having their victims call them on the phone to hustle them out of their company's money. That's what IBM's Security Intelligence division has discovered while researching a malware-based attack they have dubbed The Dyre Wolf that's responsible for stealing more than $1 million. The coordinated campaign uses targeted spear phishing emails, malware and good ol' chatting-on-the-phone social engineering to go after organizations that use wire transfers.

According to IBM threat researchers, the attack starts with a single user opening an infected email attachment. Once opened, that malware contacts the attacker's server then downloads and installs the Dyre malware which hijacks the user's address book and mails itself throughout the organization.

Then things get real fun. When a victim with an infected computer attempts to log in to a banking site monitored by the malware, it throws up a new screen that says that the site is experiencing issues and presents a phone number for that person to call to make their transaction. Once the attackers have all the information, a wire transfer is made that runs through a series of international banks to thwart authorities.

The entire attack relies on social engineering. The victims have to open the initial attachment and make the phone call that could cost their company a lot of money. This circumvents passwords and two-factor authentication because it goes around the digital entrance and gets critical information directly from the victim. IBM recommends companies train their employees to never open or click suspicious attachments or links and to remind employees that banks will never ask them for their banking credentials.

[Image Credit: IBM]

Source: IBM
In this article: DyreWolf, IBM, Malware, Security
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
509 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
iFixit's iPhone 11 Pro Max teardown investigates charging rumors

iFixit's iPhone 11 Pro Max teardown investigates charging rumors

View
TiVo wants to make a comeback with $50 Android TV dongle

TiVo wants to make a comeback with $50 Android TV dongle

View
Neo Geo retro stick console includes 'King of Fighters,' 'Samurai Shodown'

Neo Geo retro stick console includes 'King of Fighters,' 'Samurai Shodown'

View
Watch the 'Android' Nokia phone that never had a chance to exist

Watch the 'Android' Nokia phone that never had a chance to exist

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr