Dyre Wolf Malware Nets Cyber Criminals Millions From The Enterprise
Like most malware, Dyre needs to infect a PC in order to work. This can be done via a number of different methods, but email is the most common. Once someone takes the bait, the waiting game begins for a bank transfer to be made. If the thieves behind Dyre are lucky enough to infect an important PC, an error message will be displayed in the event that a bank transfer is initiated, complete with a phone number to call to initiate a manual transfer.
There are a couple of interesting aspects to this: Dyre (or 'Dyre Wolf' as IBM calls it) supports the detection of a few hundred banks, and the phone number included in the error message is the same regardless of which one was detected. I'd assume that as soon as an error message spawns, a notification is sent back to home base that tells the operator which bank website was being used at that moment.
Nonetheless, because the thief picks up the phone on behalf of the correct bank, the victim is none-the-wiser. As soon as the victim hangs up, the money has been transferred - just not to the right account.
One of the biggest issues with Dyre is that it isn't picked up by most anti-virus solutions, and ultimately, it's not even the malware that conducts the dastardly deed. Ultimately, it's social engineering that makes this all work.
That being the case, this is one of those instances when anti-malware protection doesn't matter that much. Instead, companies need to better train their employees to handle situations like these effectively, and also waste no time in reporting suspicious activity. IBM even goes on to say that it'd be useful for companies to stage phishing attempts to test their employees' ability to combat it.
If there's one thing that Dyre highlights, it's that it's not actually that hard to rip-off even the largest of companies, regardless of how much security they have. Ultimately, humans prove to be the weakest link.