Dyre Wolf attacks

How to Protect your Business from a Dyre Wolf Attack

The evolution of a recent cyber-criminal threat illustrates how social engineering exploits the weakest link in data security

Data security threats are constantly evolving to elude detection. A recent example, the Dyre Wolf campaign, highlights the use of social engineering techniques to obtain credentials and gain access to otherwise secure banking sites. People are the weakest link in any data security defense, and Dyre Wolf illustrates perfectly why this is the case.

What is Dyre Wolf?

Dyre Wolf is an iteration of the Dyre malware that surfaced last year. Well-funded and organized cyber criminals recently used Dyre Wolf to steal more than $1 million from organizations that regularly transfer large sums between banks.

“This new strain is an example of malware in the wild, morphing into a threat that slips undetected past spyware and Antivirus programs,” stated Carl Mazzanti, CEO, eMazzanti Technologies. “Dyre Wolf is an unfortunate example of using social engineering to acquire account access credentials for the purpose of stealing large sums.”

How does it work?

Any businesses that transfer funds, and the banks where their accounts are located, are at risk. For an attack to be successful, a number of actions need to take place at the targeted enterprise.

  • First, a user clicks on a phishing email and accepts installation of the malware package on their computer. Next, the user uses that computer to access one of the hundreds of banking websites that Dyre is programmed to monitor.
  • At that point, the user is redirected during logon to a false bank web page that is bold enough to instruct the user to call a phone number and interact with a live operator.
  • Once engaged, the operator collects the account credentials from the victim. This information is used to sign on and authenticate as the user and to later empty the account with a bank wire transfer to foreign accounts.
  • A DDoS attack may follow to delay investigation of the theft.

Smaller banks and credit unions have been largely untouched by Dyre Wolf, since the writers of the threat initially focused on larger targets. As the perpetrators earn money, we can be sure that they will invest it to rapidly expand the range of banks and credit unions they target.

With few anti-malware and anti-spyware products detecting this strain of Dyre, there are no current metrics that outline the extent of the infections. As Dyre can sit dormant for long periods of time, we must wait to see how many systems are infected and accounts compromised.

How does a business protect itself?

According to an April 3, 2015, article on ZDNet, security experts say that a comprehensive approach to address the human factor will best protect against the threat. They recommend that businesses:

  • Train employees on security best practices and how to report suspicious activity.
  • Consider conducting periodic mock-phishing exercises where employees receive emails or attachments that simulate malicious behavior. Metrics can be captured on how many potential incidents would have happened had the exercise been a real attack. Use these findings as a way to discuss the growing security threats with employees.
  • Offer security training to employees to help understand threats and measures they can take to protect the organization.
  • Provide regular reminders to employees about phishing and spam campaigns, and remind them not to open suspicious attachments or links in either work or personal emails.
  • Train employees in charge of corporate banking to never provide banking credentials to anyone. The banks will never ask for this information.

How does a financial institution protect itself?

Some credit unions and banks have set up phone system announcements to educate customers who dial into their systems. Most likely, the writers of Dyre Wolf will not copy the complete auto attendant navigation trees in phone systems to trick inbound callers. To be safe, banks and credit unions could educate their customer base to use a validation method only available to the bank through their auto attendant.

Another defense against the threat leverages mobile banking. When a patron calls in, the bank must verify a code sent to a mobile phone registered on the account to confirm the caller’s identity, and at the same time, that the bank is in fact the institution the patron thinks he or she is communicating with.
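As an added illustration (not code from this article or from any bank), the call-in check described above could be implemented on the bank side roughly as follows. The class name, the five-minute lifetime, and the three-attempt limit are assumptions; delivery of the code to the registered phone is left to the caller of `issue`.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumption: a code is valid for five minutes
MAX_ATTEMPTS = 3        # assumption: three wrong codes end the attempt


class CallInVerifier:
    """Hypothetical helper: one-time codes for inbound phone calls."""

    def __init__(self, clock=time.time):
        self._clock = clock
        # (account_id, call_id) -> [salt, digest, expires_at, attempts_left]
        self._pending = {}

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, account_id, call_id):
        """Return a 6-digit code to send to the phone registered on the account."""
        code = f"{secrets.randbelow(10**6):06d}"
        salt = secrets.token_bytes(16)
        expires_at = self._clock() + CODE_TTL_SECONDS
        # Only a salted digest is kept; the code is bound to this one call.
        self._pending[(account_id, call_id)] = [
            salt, self._digest(salt, code), expires_at, MAX_ATTEMPTS]
        return code

    def verify(self, account_id, call_id, spoken_code):
        """Check the code the caller reads back; returns a status string."""
        key = (account_id, call_id)
        entry = self._pending.get(key)
        if entry is None:
            return "no-code-issued"
        salt, digest, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[key]
            return "expired"
        # Constant-time comparison avoids leaking how much of the code matched.
        if hmac.compare_digest(digest, self._digest(salt, spoken_code)):
            del self._pending[key]  # single use
            return "verified"
        entry[3] -= 1
        if entry[3] <= 0:
            del self._pending[key]
            return "locked"
        return "wrong-code"
```

Because a code is only ever sent by the bank, to the phone on file, and only for a call the bank is handling, a patron who is asked for a code without having received one has a signal that the party on the line is not the bank.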

eMazzanti Can Help

Companies with inadequate data security are putting themselves at risk by increasing the likelihood of a successful Dyre Wolf or similar attack. They may suffer the costs of a security breach, including the loss of customer data, assets, revenue and reputation.

eMazzanti is ready to show business leaders how effective employee training combined with advanced data security technology will protect customer data and safeguard valuable business assets from Dyre Wolf attacks and other cyber-crime threats.

Strengthen network security and defend your business from loss of assets, revenue and reputation with eCare managed data security services. To explore the options, contact eMazzanti Technologies at [email protected] or call 1-866-EMAZZANTI.

Carl Mazzanti is Co-Founder and President of eMazzanti Technologies, Microsoft’s four time Partner of the Year and one of the premier IT consulting services for businesses throughout the New York metropolitan area and internationally. Carl and his company manage over 400 active accounts ranging from professional services firms to high-end global retailers.

eMazzanti is all about delivering powerful, efficient outsourced IT services, such as computer network management and troubleshooting, managed print, PCI DSS compliance, green computing, mobile workforce technology, information security, cloud computing, and business continuity and disaster recovery.  

Carl Mazzanti is also a frequent business conference speaker and technology talk show guest and contributor at Microsoft-focused events, including frequent prominent roles at Microsoft Inspire (Worldwide Partner Conference / WPC).

Carl, a serial entrepreneur, gives back to the community through entrepreneurship teaching engagements at Georgetown University, the company’s ocean wildlife conservation effort, the Blue Project, and Tree Mazzanti.


