With spring arriving, “winter is coming” as the new season of the critically-acclaimed television series Game of Thrones returns to millions of viewers worldwide. Ironically, there’s also a type of malware gaining traction in the online community that matches its bark with its bite, aptly dubbed Dyre Wolf. This threat has the potential to cost businesses as much as $1.5 million per hack, and takes advantage of the ever-common spear phishing tactic.

The threat, which was discovered last October by John Kuhn of IBM, reports that Dyre Wolf follows the recent trend in which hackers turn to sophisticated social engineering attacks to get what they want. ZDNet reports that this threat uses the Dyre banking trojan to infiltrate IT infrastructures and steal immense amounts of cash.

To keep your business from arriving at the same fate as Ned Stark from Game of Thrones (and Sean Bean’s characters in general), you need to understand just how dangerous Dyre Wolf really is. Just like a bite from Ghost the Dire Wolf, this malware can leave your business crippled, if not finished completely.

Normally, trojans only go after individual bank accounts held by unsuspecting individuals; however, Dyre Wolf targets the accounts of big business to leave them hurting. This is why it’s always best to make sure your team knows how to identify and avoid social engineering threats that take advantage of coercion of the human mind. To accomplish this goal, Dyre Wolf uses a seven step process:

dyre wolf

  • Step 1: Spear Phishing Attacks. The employee will receive a phony email that houses the Upatre malware. This malware is designed to download the Dyre Trojan.
  • Step 2: Execution. The Upatre malware installs itself on the computer when opening an infected attachment.
  • Step 3: Communication. Upatre downloads Dyre onto the infected system.
  • Step 4: Watching and Waiting. Dyre observes the browsing behavior of the infected PC, waiting for the victim to visit one of several hundred banking websites. It then displays a message claiming that there’s an issue with the account, along with a fake support phone number.
  • Step 5: The Fake Phone Call. The user calls the fake number and is greeted by a human voice, rather than an automated one. The hacker then proceeds to gather sensitive information and credentials, unbeknownst to the user.
  • Step 6: The Wire Transfer. The criminal arranges for the money transfer using the stolen credentials.
  • Step 7: DDoS. While the money is being transferred, the targeted organization will experience a distributed denial of service attack. The concept behind this is that the victim’s institution will be too busy dealing with the downtime to realize that they’ve been robbed.

Knowing how the threat executes its attack is the first step to protecting your business, but the heart of this problem (and of any phishing attack) lies in how your team responds to the potential threat. Social engineering takes advantage of people not knowing how to identify scams. Therefore, the best thing you can teach your team is how to identify and prevent phishing attacks before it’s too late.

IBM suggests the following steps be taken to make sure your team is as prepared as possible to deal with phishing scams:

  • Make sure that employees understand security best practices, and how to report suspicious behavior.
  • Perform practice mock exercises to get a feel for how well your employees identify sketchy attachments and email messages. These would be designed to simulate real criminal behavior, and as such, should be an effective means for helping you gather information.
  • Offer advanced security training that helps employees understand why they must be on the lookout for suspicious online behavior, and what they can do about it should they encounter it.
  • Train employees on how to respond to banking threats, and make sure they know that banks will never request sensitive information that could compromise your account.

For more best practices on how to optimize security, give Net It On, LLC a call at (732) 360-2999.

April 24, 2015
Directive