Dyre Wolf Attack Reels in over $1 Million in Wire Transfers

IBM’s Security division has been researching a malware attack they have named ‘The Dyre Wolf’ which is said to have been responsible for stealing over $1 million.

It is said that the hacking campaign uses targeted spear phishing emails, malware and a phone conversation against organisations that use wire transfers.

IBM stated that the attack starts with a single user opening an infected email attachment, which contacts the attacker’s website and downloads the Dyre malware. The malware then hijacks the user’s address book and mails itself through the organisation.

After the infection mentioned above takes place, if a user attempts to log into a banking site, the malware loads a new screen that says the site is experiencing issues and shows a phone number for the user to call to make their transaction.

Once the attacker has all the user’s details, a wire transfer is made that runs through a series of international banks. IBM recommends that companies train their employees not to open suspicious attachments or links and remind them that banks do not request their banking credentials in any way.

Thank you Engadget for providing us with this information.

JPMorgan Customers Targeted in Huge Phishing Campaign

JPMorgan, the No. 1 U.S. bank by assets, has confirmed that spammers have launched a phishing campaign targeting its customers. The spam campaign is dubbed Smash and Grab and was launched on Tuesday by an unknown group. However, it resembles the work of Eastern European cybercrime gangs, and most of the infrastructure used in the campaign is located in Russia and Ukraine.

“It looks like they sent it out to lots of people in hopes that some of them might be JPMorgan Chase customers,” said bank spokeswoman Trish Wexler.

Most of the spam was stopped by the filters the large providers have in place, but some will always manage to get through. The phishing mail looks very realistic, as it uses parts of original emails to fake it. The attack is somewhat unusual in that it doesn’t just try to grab the credentials of unknowing users; it also tries to infect their PCs with malware at the same time.

Users who click on the included malicious link are asked to enter credentials for accessing accounts with JPMorgan. Even if they do not comply with this request, the site attempts to automatically install the Dyre banking Trojan on their PCs, according to Proofpoint. Dyre is a recently discovered piece of malware that seeks credentials from customers of Bank of America Corp, Citigroup Inc and the Royal Bank of Scotland Group Plc.

Proofpoint saw about 150,000 emails from the group on Tuesday, the first day it noticed the campaign among its customers in the Fortune 500 and higher education. That makes it a moderately large campaign, but the largest attempts involve sending more than 1 million pieces of spam over a few days to Proofpoint clients, said Proofpoint’s VP of Threat Research Mike Horn.

The firm manages over 100 million email accounts. Horn said that Proofpoint quickly identified the spam and was able to stop it from infecting its customers, but was not sure how effective the campaign was at infecting others.

Thank you Reuters for providing us with this information.
