How Dyre Wolf Malware is Stealing Millions from Corporate Bank Accounts

Dyre Wolf has been unleashed on Corporate America.

This new and sophisticated attack, carried out by a seasoned gang of cyber criminals, utilizes malware and social engineering to dupe unsuspecting employees into divulging sensitive banking information. Millions of dollars have reportedly been stolen so far, and if your team isn’t properly trained and informed you could be next.

Here’s how it works: 

1.  Let’s say “Kelly”, your sales rep, gets an email alerting her that her package has been shipped or perhaps a large sales order is attached. Kelly clicks on the link, which is actually Upatre. Upatre quickly gets to work downloading Dyre and attempting to further spread the malware via Outlook to all Kelly’s coworkers and friends. The phishing emails containing the malware circulate through the company, now appearing as though they are coming directly from Kelly.

2.  A host of Kelly’s co-workers, including Bill in Accounts Payable, receive Kelly’s email and click the link. Again, Dyre is downloaded and the process continues, infiltrating even further into the organization.

3.  Once downloaded, Dyre waits patiently. It covertly monitors everyone’s work until finally, Bill attempts to log in to the corporate bank account.

4.  Alerted to the attempted login, Dyre launches a pop-up on Bill’s computer notifying him that there is trouble with the account and he must call the number given for help logging in.

5.  Bill calls the number on the screen, and a “helpful advisor” — armed with reassuring information such as Bill’s company and his bank or credit union’s name — is available to walk him through troubleshooting the error.

6.  While Bill works with the friendly and knowledgeable advisor to restore access to the account, he is also inadvertently providing the information necessary for this wolf in sheep’s clothing to carry out the next phase of the plan: initiating a wire transfer and siphoning large sums of money out of the corporate account. The money is quickly routed from one foreign bank to another in order to cover Dyre Wolf’s tracks.

We’re guessing #7 has something to do with Bill carrying a cardboard box filled with his personal effects out to his car.

Sadly, the real tragedy in situations like this is how easy it is to prevent attacks such as these. Of course you need good anti-virus protection installed to block these emails and attachments, but software remedies are no longer enough. You must, must, MUST inform your employees of how sophisticated and elaborate cyber attacks have become. Train them to identify and report suspicious activity. Perhaps even set up a mock-phishing exercise that allows users to see how realistic these phishing and spam campaigns can appear. Lastly, make sure that your employees who have access to your most sensitive information fully understand security best practices. Your financial institution will never request your passwords and credentials over the phone.
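The spread described in steps 1 and 2, where one mailbox suddenly sends link or attachment mail to many coworkers, leaves a pattern that mail logs can show alongside user reports. The script below is an added example, not part of the original article; the log format, addresses, time window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed mail-gateway records (not real data), assumed format:
# timestamp sender recipient carries_link_or_attachment(0/1)
SAMPLE_LOG = """\
2024-01-15T09:02:11 kelly@corp.example bill@corp.example 1
2024-01-15T09:02:12 kelly@corp.example ann@corp.example 1
2024-01-15T09:02:12 kelly@corp.example raj@corp.example 1
2024-01-15T09:02:14 kelly@corp.example mia@corp.example 1
2024-01-15T09:02:15 kelly@corp.example tom@corp.example 1
2024-01-15T09:10:40 bill@corp.example ann@corp.example 0
2024-01-15T09:30:00 ann@corp.example kelly@corp.example 1
2024-01-15T11:45:00 ann@corp.example raj@corp.example 1
not a log line
"""

def parse(line):
    """Return (time, sender, recipient, flagged) or None for malformed lines."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("0", "1"):
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1].lower(), parts[2].lower(), parts[3] == "1"

def find_fanout_bursts(log_text, window=timedelta(minutes=5), threshold=5):
    """Map sender -> time at which they first reached `threshold` distinct
    recipients of link/attachment mail inside one sliding `window`."""
    recent = defaultdict(deque)  # sender -> (time, recipient) still in window
    alerts = {}
    records = sorted(filter(None, map(parse, log_text.splitlines())))
    for ts, sender, rcpt, flagged in records:
        if not flagged or sender in alerts:
            continue  # plain-text mail is ignored; one alert per sender
        q = recent[sender]
        q.append((ts, rcpt))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop messages that fell out of the window
        if len({r for _, r in q}) >= threshold:
            alerts[sender] = ts
    return alerts

if __name__ == "__main__":
    for sender, ts in find_fanout_bursts(SAMPLE_LOG).items():
        print(f"{ts.isoformat()} burst of link/attachment mail from {sender}")
```

An alert here is a prompt to check with the sender, since newsletters and meeting invites produce the same shape; the threshold needs tuning against normal traffic.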

For more information on security or help setting up a mock-phishing exercise CONTACT Micro Visions at 616.776.0400.
