“Dyre Wolf” online banking campaign bypasses two-factor authentication – $1 million stolen

IBM researchers have identified a new campaign with “a formidable success rate” that has already stolen more than $1 million from corporate banking accounts by using a combination of malware and social engineering.

A new report (The Dyre Wolf: Attacks on Corporate Banking Accounts) reveals that Dyre Wolf uses phishing and the popular Dyre/Dyreza banking trojan to bypass two-factor authentication and transfer money out of bank accounts.

In a blog post about the Dyre Wolf campaign, IBM warns that “the majority of antivirus tools frequently used as an organization’s first line of defense did not detect this malware.”

Source: IBM

The blog explains:

“Once the infected victim tries to log in to one of the hundreds of bank websites for which Dyre is programmed to monitor, a new screen will appear instead of the corporate banking site. The page will explain the site is experiencing issues and that the victim should call the number provided to get help logging in.

“One of the many interesting things with this campaign is that the attackers are bold enough to use the same phone number for each website and know when victims will call and which bank to answer as. This all results in successfully duping their victims into providing their organizations’ banking credentials.

“As soon as the victim hangs up the phone, the wire transfer is complete. The money starts its journey and bounces from foreign bank to foreign bank to circumvent detection by the bank and law enforcement. One organization targeted with the campaign also experienced a DDoS [distributed denial of service]. IBM assumes this was to distract it from finding the wire transfer until it was too late.”

Phishing awareness training

An organization’s security posture is only as strong as its weakest link. According to IBM, “95% of all attacks involved some type of human error”.

IBM recommends that employees should be trained “on security best practices and how to report suspicious activity” and that organizations should conduct “periodic mock-phishing exercises where employees receive emails or attachments that simulate malicious behavior.”

IT Governance’s Employee Phishing Vulnerability Assessment will identify potential vulnerabilities among your employees and provide recommendations to improve your security, giving you a broad understanding of how you are at risk and what you need to do to address these risks.

Ensure your staff do not inadvertently put your information – and revenue – at risk.