IBM security researchers uncover new, sophisticated online fraud

07 Apr 2015

1

IBM security researchers have uncovered a new, sophisticated online fraud that has resulted in the loss of over $1 million for various businesses and organisations.

The malware, called "Dyre Wolf," added sophisticated techniques to the original Dyre malware to bypass two-factor authentication.

The modus operandi was explained by the security researchers in a blog post.

The hackers sent spam emails with attachments containing the malware over the last year and waited  for the phishing victims to access their online banking accounts.

A fake screen would be displayed alerting the victim that there was a problem on the account and he or she had to call a certain number for assistance. Once the victim called the number, the hacker, who acted as a live operator, would ask for the banking details and quickly facilitate a wire transfer. As soon as the call ended, the bank transfer was also completed.

What was different about the fraud from other similar schemes was the use of a live operator. According to Reuters, the hackers were said to be based in Eastern Europe.

"What's very different in this case, is we saw a pivot of the attackers to use a set of social engineering techniques I think are unprecedented," Caleb Barlow, vice president of IBM Security, said to Reuters. "The focus on wire transfers of large sums of money really got our attention."

The Dyre Wolf assault was sophisticated as attackers could bypass the two-factor authentication, used in several online accounts. The malware was sent through users' emails with suspicious attachments or fake links.

''Organizations are only as strong as their weakest link, and in this case, it's their employees,'' said Caleb Barlow, IBM Security vice-president.

According to Barlow, the use of social engineering techniques was unprecedented and the huge wire transfers had drawn their attention. The cyber gang also used  a fake site to claim that the legitimate site was down or under maintenance.

Users were then prompted to call the support and convinced the victims into divulging their credentials. The customer support, an English-speaking person was aware about the victim's account.

The transferred money was routed through several foreign banks to avoid detection by law enforcement agencies. IBM claimed that 95 per cent human error was the cause of the attacks and no rule existed that would prevent these attacks. The only way to prevent these types of attacks was to not click on suspicious attachments or links.

 

Business History Videos

History of hovercraft Part 3 | Industry study | Business History

History of hovercraft Part 3...

Today I shall talk a bit more about the military plans for ...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of hovercraft Part 2 | Industry study | Business History

History of hovercraft Part 2...

In this episode of our history of hovercraft, we shall exam...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Hovercraft Part 1 | Industry study | Business History

History of Hovercraft Part 1...

If you’ve been a James Bond movie fan, you may recall seein...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Trams in India | Industry study | Business History

History of Trams in India | ...

The video I am presenting to you is based on a script writt...

By Aniket Gupta | Presenter: Sheetal Gaikwad

view more
View details about the software product Informachine News Trackers