- April 15, 2015
- Computer Security News
- 0 Comments
Computer security experts at IBM Security recently released a report about a new variant of Dyre malware called Dyre Wolf. This version of the malware targets companies and their bank accounts using social engineering techniques that bypass two-factor authentication. Companies that have fallen victim to Dyre Wolf have lost between $500,000 to $1.5 million, as the people behind the scheme are familiar with online banking platforms and their back-end systems. Computer repair experts share that the Dyre malware code discovered contained over 500 URLs from over 200 banks.
How Dyre Wolf Works
Portland computer repair specialists state that Dyre Wolf generally begins as a phishing email that contains an attached zipped executable file or a document. After an employee opens the attachment, Dyre sends malicious spam to the people on the individual’s contact list.
Dyre Wolf monitor’s the employee’s online activity. When an employee attempts to log on to the company’s banking website, the malware sends them to a fake look-alike page that states that bank’s site is experiencing technical issues. The fake page instructs the employee to call the provided fake customer service number for login assistance.
Because of sophisticated technologies, the attackers know which bank to answer as when an individual calls. After tricking the person into to reveal credentials and sensitive information about the company bank account, the attackers use the information to schedule wire transfers to foreign banks, verify the transactions on behalf of the victim and get around out-of-band phone call authentication.
In some instances, Dyre Wolf causes companies to experience distributed denial-of-service (DDoS) attacks to distract victims as the wire transfers take place.
Avoiding Dyre Wolf at Your Company
Computer repair specialists state that Dyre Wolf takes advantage of your company’s weakest link—your employees. According to IBM, 95 percent of attacks involve human error.
Preventing a Dyre Wolf or a similar attack begins with employee training by computer security experts. Training topics to cover include:
- Online and email security best practices
- How to respond to and report suspicious activity
- Current online threats
- Preventive measures
- Best practices regarding the release of sensitive information, such as banking credentials
Experts recommend that companies regularly remind employees about safe emailing practices. It may also be a good idea to conduct mock-phishing exercises to see how employees respond.
To learn more about the cyber attacks that your company is vulnerable to or to learn more about employee training, contact the Portland computer repair experts at Happy Hamster.