Winter is coming for the organizations that make use of wire transfers.
According to IBM’s Security Intelligence division, a new threat to payments security has been discovered. Called “The Dyre Wolf,” the malware attack has already been used to transfer $1 million into the pockets of cybercriminals.
According to IBM, Dyre Wolf starts with a phishing scam with an infected email. Once the email is opened, the malware contacts the attacker’s server and drops the Dyre malware into the machine, which then hijacks the user’s address book so it can continue propagating itself.
Most of this is SOP for malware these days. What sets Dyre Wolf apart is what happens next. When a victim with an infected computer logs into online banking, they get an error message saying online banking is down and then are encouraged to call a phone number to complete their transaction.
Once the attackers have gotten victims to phone in all their information, a wire transfer is made that runs through a series of international banks to thwart authorities.
The brilliance of this particular hack is that it uses “social engineering” to bypass standard security protocols like passwords and two-factor authentication. By getting users to call in and voluntarily share their information, crooks get an easy method by which to gain a digital entrance.
IBM recommends that businesses retrain their employees to never open or click suspicious attachments or links. IBM further recommends that employees need to be clear that legitimate banks will never call looking for account or other sensitive information.