The Channel logo


By | Kelly Fiveash 4th April 2015 18:47

Big Blue securo-bods warn of dire Dyre Wolf AMONG WOLVES

Malware campaign tricks $1m out of enterprise orgs

Infosec experts have spotted a nasty variant of a banking malware – dubbed Dyre Wolf – which involves a sophisticated two-factor authentication workaround that has apparently led to the theft of more than $1m from the biz world.

Wrongdoers have demonstrated what IBM Security described as "a brazen twist from the once-simple Dyre malware", which The Register has previously reported on.

The attack – which targets orgs that regularly carry out wire transfers with large sums of money – has proved to be a cash-generating campaign for the baddies courtesy of "sophisticated social engineering tactics", Big Blue said.

Worse still, IBM securo bods John Kuhn and Lance Mueller warned that, in many instances, antivirus tools had failed to detect the malware.

IBM reckoned that, according to its "cyber security intelligence index", a whopping 95 per cent of all attacks relied on a form of human error to successfully pinch cash from unsuspecting folk.

The researchers added:

Once the infected victim tries to log in to one of the hundreds of bank websites for which Dyre is programmed to monitor, a new screen will appear instead of the corporate banking site. The page will explain the site is experiencing issues and that the victim should call the number provided to get help logging in.

One of the many interesting things with this campaign is that the attackers are bold enough to use the same phone number for each website and know when victims will call and which bank to answer as. This all results in successfully duping their victims into providing their organizations’ banking credentials.

As soon as the victim hangs up the phone, the wire transfer is complete. The money starts its journey and bounces from foreign bank to foreign bank to circumvent detection by the bank and law enforcement. One organization targeted with the campaign also experienced a DDoS. IBM assumes this was to distract it from finding the wire transfer until it was too late.

Dyer Wolf attack steps. Pic credit: IBM security intelligence

Dark in the city night is a wire ... hungry like the wolf. Image credit: IBM Security

Big Blue's full fat version of the Dyre Wolf campaign can be viewed here (PDF). ®

comment icon Read 16 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe