IBM security researchers uncover new, sophisticated online fraud
07 Apr 2015
IBM security researchers have uncovered a new, sophisticated online fraud that has resulted in the loss of over $1 million for various businesses and organisations.
The malware, called "Dyre Wolf," added sophisticated techniques to the original Dyre malware to bypass two-factor authentication.
The modus operandi was explained by the security researchers in a blog post.
The hackers sent spam emails with attachments containing the malware over the last year and waited for the phishing victims to access their online banking accounts.
A fake screen would be displayed alerting the victim that there was a problem on the account and he or she had to call a certain number for assistance. Once the victim called the number, the hacker, who acted as a live operator, would ask for the banking details and quickly facilitate a wire transfer. As soon as the call ended, the bank transfer was also completed.
What was different about the fraud from other similar schemes was the use of a live operator. According to Reuters, the hackers were said to be based in Eastern Europe.
"What's very different in this case, is we saw a pivot of the attackers to use a set of social engineering techniques I think are unprecedented," Caleb Barlow, vice president of IBM Security, said to Reuters. "The focus on wire transfers of large sums of money really got our attention."
The Dyre Wolf assault was sophisticated in that the attackers could bypass the two-factor authentication used to protect several kinds of online accounts. The malware reached users through emails carrying suspicious attachments or fake links.
"Organizations are only as strong as their weakest link, and in this case, it's their employees," said Caleb Barlow, IBM Security vice president.
According to Barlow, the use of social engineering techniques was unprecedented and the huge wire transfers had drawn their attention. The cyber gang also used a fake site to claim that the legitimate site was down or under maintenance.
Users were then prompted to call support, where the operator convinced the victims to divulge their credentials. The "customer support" contact, an English-speaking person, was already aware of the victim's account.
The transferred money was routed through several foreign banks to avoid detection by law enforcement agencies. IBM claimed that the attacks were 95 per cent attributable to human error and that no rule existed that would prevent them. The only way to prevent these types of attacks was to not click on suspicious attachments or links.