Hackers Continue their Brazen Attacks on Organizations and are Even Having their Victims Call them on the Phone to Hustle them Out of their Company's Money. That's What IBM's Security Intelligence Division has Discovered while Researching a Malware-Based Attack they Have Dubbed, 'The Dyre Wolf', that's Responsible for Stealing More than $1 Million. The Coordinated Campaign Uses Targeted Spear Phishing Emails, Malware and Good ol' Chatting-on-the-Phone Social Engineering, to Go after Organizations that Use Wire Transfers. According to IBM Threat Researchers, the Attack Starts with a Single User Opening an Infected Email Attachment.
Once Opened, that Malware Contacts the Attacker's Server then Downloads and Installs the 'Dyre' Malware which Hijacks the User's Address Book and Mails itself throughout the Organization. Then Things Get Real Fun. When a Victim with an Infected Computer, Attempts to Login to a Banking Website Monitored by the Malware, it Throws Up a New Screen that Says that, the Site is Experiencing Issues and Presents a Phone Number for that Person to Call to Make their Transaction.
Once the Attackers Have All the Information, a Wire Transfer is Made that Runs through a Series of International Banks to Thwart Authorities. The Entire Attack Relies on Social Engineering. The Victims Have to Open the Initial Attachment and Make the Phone Call that Could Cost their Company a Lot of Money. This Circumvents Passwords and Two-Factor Authentication because, it Goes Around the Digital Entrance and Gets Critical Information Directly from the Victim. IBM Recommends Companies Train their Employees to Never Open or Click Suspicious Attachments or Links and to Remind Employees that Banks will Never Ask them for their Banking Credentials.
Info Sources:
http://arstechnica.com/security/2015/04/dyre-wolf-malware-steals-more-than-1-million-bypasses-2fa-protection
http://securityintelligence.com/dyre-wolf/#.VR8RFZTF_Aq
0 comentários:
Enviar um comentário