Your IT Support Experts

We partner with many types of businesses in the area, and strive to eliminate IT issues before they cause expensive downtime, so you can continue to drive your business forward. Our dedicated staff loves seeing our clients succeed. Your success is our success, and as you grow, we grow.

Free Consultation

Interested in seeing what we can do for your business? Contact us to see how we can help you! Sign Up Today

  

USA Computer Services Blog

USA Computer Services has been serving small and medium sized businesses since 2012, providing IT Support such as technical helpdesk support, computer support and consulting.

Dyre Wolf Malware Bleeds Businesses of $1.5 Million Per Hack

b2ap3_thumbnail_dyre_wolf_phishing_400.jpgWith spring arriving, “winter is coming” as the new season of the critically-acclaimed television series Game of Thrones returns to millions of viewers worldwide. Ironically, there’s also a type of malware gaining traction in the online community that matches its bark with its bite, aptly dubbed Dyre Wolf. This threat has the potential to cost businesses as much as $1.5 million per hack, and takes advantage of the ever-common spear phishing tactic.

The threat, which was discovered last October by John Kuhn of IBM, reports that Dyre Wolf follows the recent trend in which hackers turn to sophisticated social engineering attacks to get what they want. ZDNet reports that this threat uses the Dyre banking trojan to infiltrate IT infrastructures and steal immense amounts of cash.

To keep your business from arriving at the same fate as Ned Stark from Game of Thrones (and Sean Bean’s characters in general), you need to understand just how dangerous Dyre Wolf really is. Just like a bite from Ghost the Dire Wolf, this malware can leave your business crippled, if not finished completely.

Normally, trojans only go after individual bank accounts held by unsuspecting individuals; however, Dyre Wolf targets the accounts of big business to leave them hurting. This is why it’s always best to make sure your team knows how to identify and avoid social engineering threats that take advantage of coercion of the human mind. To accomplish this goal, Dyre Wolf uses a seven step process:

dyre wolf

  • Step 1: Spear Phishing Attacks. The employee will receive a phony email that houses the Upatre malware. This malware is designed to download the Dyre Trojan.
  • Step 2: Execution. The Upatre malware installs itself on the computer when opening an infected attachment.
  • Step 3: Communication. Upatre downloads Dyre onto the infected system.
  • Step 4: Watching and Waiting. Dyre observes the browsing behavior of the infected PC, waiting for the victim to visit one of several hundred banking websites. It then displays a message claiming that there’s an issue with the account, along with a fake support phone number.
  • Step 5: The Fake Phone Call. The user calls the fake number and is greeted by a human voice, rather than an automated one. The hacker then proceeds to gather sensitive information and credentials, unbeknownst to the user.
  • Step 6: The Wire Transfer. The criminal arranges for the money transfer using the stolen credentials.
  • Step 7: DDoS. While the money is being transferred, the targeted organization will experience a distributed denial of service attack. The concept behind this is that the victim’s institution will be too busy dealing with the downtime to realize that they’ve been robbed.

Knowing how the threat executes its attack is the first step to protecting your business, but the heart of this problem (and of any phishing attack) lies in how your team responds to the potential threat. Social engineering takes advantage of people not knowing how to identify scams. Therefore, the best thing you can teach your team is how to identify and prevent phishing attacks before it’s too late.

IBM suggests the following steps be taken to make sure your team is as prepared as possible to deal with phishing scams:

  • Make sure that employees understand security best practices, and how to report suspicious behavior.
  • Perform practice mock exercises to get a feel for how well your employees identify sketchy attachments and email messages. These would be designed to simulate real criminal behavior, and as such, should be an effective means for helping you gather information.
  • Offer advanced security training that helps employees understand why they must be on the lookout for suspicious online behavior, and what they can do about it should they encounter it.
  • Train employees on how to respond to banking threats, and make sure they know that banks will never request sensitive information that could compromise your account.

For more best practices on how to optimize security, give USA Computer Services a call at (704) 665-1619.

Challenge: Can You Go a Single Day Without Your Ph...
The Problem with E-Waste is Worse Than We Thought
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Friday, November 15, 2024

Captcha Image

Customer Login

Contact Us

Learn more about what USA Computer Services can do for your business.

Headquarters:
525 North Tryon St. #1600
Charlotte, NC 28202

Additional Location:
859 Willard St #400
Quincy, MA 02169
Additional Location:
60 State Street #700
Boston, MA 02129