'Dyre Wolf' Malware Broadens Scam, Utilizing Fake 'Live Operators' For $1 Million Theft

IBM security researchers have identified a new, sophisticated online fraud scheme that has resulted in the loss of more than $1 million for various businesses and organizations. The malware, dubbed "Dyre Wolf," combined the original Dyre malware with sophisticated techniques to bypass two-factor authentication.

IBM Security explained the "attack steps" of the hackers in a blog post. These hackers have been sending spam emails with attachments containing the malware since last year. The hackers wait for the phishing victims to access their online banking accounts. A fake screen is then displayed, alerting the victim that there is a problem with the account and that he or she has to call a certain number for assistance. Once the victim calls the number, the hacker, acting as a live operator, will ask for the banking details and immediately facilitate a wire transfer. As soon as the call ends, the bank transfer is also completed.

The use of the live operator is what makes Dyre Wolf different from other fraud schemes. Hackers are believed to be based in Eastern Europe, according to Reuters.

"What's very different in this case, is we saw a pivot of the attackers to use a set of social engineering techniques I think are unprecedented," Caleb Barlow, vice president of IBM Security, said to Reuters. "The focus on wire transfers of large sums of money really got our attention."

What's disappointing in this incident is that Dyre Wolf malware is actually avoidable. IBM Security says that 95 percent of the attacks were caused by human error or employees who fell victim to the phishing emails. To prevent similar incidents, they recommend that companies have employees undergo security training and send out security reminders regularly.

IBM did not disclose the names of the businesses and organizations affected by the Dyre Wolf malware.
