Give us a call

Ferrum Technology Services Blog

Ferrum Technology Services has been serving the Elgin area since 2007, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Dyre Wolf Malware Bleeds Businesses of $1.5 Million Per Hack

b2ap3_thumbnail_dyre_wolf_phishing_400.jpgWith spring arriving, “winter is coming” as the new season of the critically-acclaimed television series Game of Thrones returns to millions of viewers worldwide. Ironically, there’s also a type of malware gaining traction in the online community that matches its bark with its bite, aptly dubbed Dyre Wolf. This threat has the potential to cost businesses as much as $1.5 million per hack, and takes advantage of the ever-common spear phishing tactic.

The threat, which was discovered last October by John Kuhn of IBM, reports that Dyre Wolf follows the recent trend in which hackers turn to sophisticated social engineering attacks to get what they want. ZDNet reports that this threat uses the Dyre banking trojan to infiltrate IT infrastructures and steal immense amounts of cash.

To keep your business from arriving at the same fate as Ned Stark from Game of Thrones (and Sean Bean’s characters in general), you need to understand just how dangerous Dyre Wolf really is. Just like a bite from Ghost the Dire Wolf, this malware can leave your business crippled, if not finished completely.

Normally, trojans only go after individual bank accounts held by unsuspecting individuals; however, Dyre Wolf targets the accounts of big business to leave them hurting. This is why it’s always best to make sure your team knows how to identify and avoid social engineering threats that take advantage of coercion of the human mind. To accomplish this goal, Dyre Wolf uses a seven step process:

dyre wolf

  • Step 1: Spear Phishing Attacks. The employee will receive a phony email that houses the Upatre malware. This malware is designed to download the Dyre Trojan.
  • Step 2: Execution. The Upatre malware installs itself on the computer when opening an infected attachment.
  • Step 3: Communication. Upatre downloads Dyre onto the infected system.
  • Step 4: Watching and Waiting. Dyre observes the browsing behavior of the infected PC, waiting for the victim to visit one of several hundred banking websites. It then displays a message claiming that there’s an issue with the account, along with a fake support phone number.
  • Step 5: The Fake Phone Call. The user calls the fake number and is greeted by a human voice, rather than an automated one. The hacker then proceeds to gather sensitive information and credentials, unbeknownst to the user.
  • Step 6: The Wire Transfer. The criminal arranges for the money transfer using the stolen credentials.
  • Step 7: DDoS. While the money is being transferred, the targeted organization will experience a distributed denial of service attack. The concept behind this is that the victim’s institution will be too busy dealing with the downtime to realize that they’ve been robbed.

Knowing how the threat executes its attack is the first step to protecting your business, but the heart of this problem (and of any phishing attack) lies in how your team responds to the potential threat. Social engineering takes advantage of people not knowing how to identify scams. Therefore, the best thing you can teach your team is how to identify and prevent phishing attacks before it’s too late.

IBM suggests the following steps be taken to make sure your team is as prepared as possible to deal with phishing scams:

  • Make sure that employees understand security best practices, and how to report suspicious behavior.
  • Perform practice mock exercises to get a feel for how well your employees identify sketchy attachments and email messages. These would be designed to simulate real criminal behavior, and as such, should be an effective means for helping you gather information.
  • Offer advanced security training that helps employees understand why they must be on the lookout for suspicious online behavior, and what they can do about it should they encounter it.
  • Train employees on how to respond to banking threats, and make sure they know that banks will never request sensitive information that could compromise your account.

For more best practices on how to optimize security, give Ferrum Technology Services a call at (847) 697-3282.

Challenge: Can You Go a Single Day Without Your Ph...
The Problem with E-Waste is Worse Than We Thought
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, 21 November 2024

Captcha Image

Blog Archive

2012
January
February
March
April
May
June
July
August
September
October
November
December
2011
January
February
March
April
May
June
July
August
September
October
November
December
2010
January
February
March
April
May
June
July
August
September
October
November
December
2009
January
February
March
April
May
June
July
August
September
October
November
December
2008
January
February
March
April
May
June
July
August
September
October
November
December
2007
January
February
March
April
May
June
July
August
September
October
November
December

Mobile? Grab this Article

QR Code

Contact us

Learn more about what Ferrum Technology Services can do for your business.