Dyre Wolf

Dyre Wolf is an ongoing and complex attack that combines multiple types of attacks into one large scam that has managed to make the attackers millions of dollars from companies. The attack consists of an initial spear phishing attack on a company. Contained within the email is an installer that will install the program upatre that is commonly disguised as pdf or some other file type. Once installed the attacker is allowed access to the computer by the installed software. The attacker installs Dyre onto the victims computer which allows the attacker to modify information when he chooses. The attack really ramps up when the victim goes to log into the bank. Dyre allows the attacker to modify the page returned to show a fake phone number and a message telling the user to call the number to resolve the issues. At this point it is up to the attacker to use social engineering to coerce the proper banking information out of the user. Once this happens the attacker will go and transfer the money to an account that is offshore commonly. Then the attacker will run a DDoS attack against the company to try and throw the company off from what happened and slow the companies ability to figure out who the attacker was.

Some steps to help prevent this would include making sure that people know to report anything that seems suspicious. Run mock phishing attacks against your users to help train them to look for the suspicious emails.

Samuel Mosher