Modern cyber criminals are using more sophisticated blended attacks to achieve some pretty spectacular monetary hauls. The Dyre Wolf malware exploits is currently be combined with a spear-phishing approach, a telephone based social engineering middle, and a distributed denial of service (DDOS) attack on the back end to access corporate bank accounts and wire transfer large sums of money. Originally uncovered by IBM’s security team in 2014, this exploit had netted on cyber-crime group over $1 million dollars. The IBM infographic below explains how the attack is payed out.
Again, the only way to really protect your business for the Dyre Wolf and similar exploits is through employee training. The research undertaken by these criminal groups before launching their attack means the spear-phishing email will be cleverly crafted to appear legitimate, possibly originating from a real vendor or supplier. Employees in charge of banking operations need to be trained in proper procedures. A bank with never ask for banking credentials, and employees should be warned never to provide these to anyone. Using a dedicated non-Windows banking computer or a banking Live CD can thwart the malware installation at the heart of this exploit. We like Linux based computers or Google’s Chromebook for dedicated banking systems.
More info:
Share
APR
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com