Dyre Wolf

Dyre Wolf is an ongoing, complex campaign that combines several types of attack into one large scam, and it has made the attackers millions of dollars from companies. It begins with a spear phishing email sent to a company. The email contains an installer for the program Upatre, which is commonly disguised as a PDF or some other file type. Once installed, the software gives the attacker access to the computer. The attacker then installs Dyre on the victim's computer, which allows the attacker to modify information whenever he chooses. The attack really ramps up when the victim goes to log into the bank. Dyre lets the attacker modify the returned page to show a fake phone number and a message telling the user to call that number to resolve the issue. At this point it is up to the attacker to use social engineering to coerce the proper banking information out of the user. Once this happens, the attacker transfers the money to an account that is commonly offshore. The attacker then runs a DDoS attack against the company to distract it from what happened and slow the company's ability to figure out who the attacker was.

Some steps to help prevent this include making sure that people know to report anything that seems suspicious, and running mock phishing attacks against your users to train them to look for suspicious emails.

Samuel Mosher

http://securityintelligence.com/dyre-wolf/#.VTVUByFVhBc

http://phishme.com/evolution-upatre-dyre/
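
The Upatre installer described above arrives as an email attachment disguised as a PDF or another file type. As an added example (not from the original post or its sources), this Python scanner flags attachments whose name or content does not match the disguise, including files inside ZIP archives; the extension lists, size limit, function names and sample message are assumptions constructed for illustration.

```python
import email.message, email.policy, io, zipfile

EXEC_EXT = {"exe", "scr", "com", "pif"}      # extensions Windows will run (assumed list)
DOC_EXT = {"pdf", "doc", "docx", "xls"}      # extensions used as a disguise (assumed list)
MAX_MEMBER = 20 * 1024 * 1024                # refuse to unpack huge archive members

def inspect_blob(name, data, depth=0):
    """Return [(name, reason), ...] for one attachment or archive member."""
    parts = name.rsplit("/", 1)[-1].lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    out = []
    if ext in EXEC_EXT:
        hidden = len(parts) > 2 and parts[-2] in DOC_EXT
        out.append((name, "double extension hides an executable" if hidden else "executable attachment"))
    elif data[:2] == b"MZ":                       # PE header under a harmless-looking name
        out.append((name, "PE executable behind a non-executable name"))
    elif ext == "pdf" and b"%PDF-" not in data[:1024]:
        out.append((name, "content is not a PDF"))
    if data[:4] == b"PK\x03\x04" and depth < 2:   # look inside ZIPs, bounded depth
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    member = f"{name}/{info.filename}"
                    if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                        out.append((member, "encrypted or oversized, not inspected"))
                    else:
                        out += inspect_blob(member, zf.read(info), depth + 1)
        except zipfile.BadZipFile:
            out.append((name, "malformed ZIP"))
    return out

def scan_message(raw):
    """Scan every attachment of a raw RFC 5322 message given as bytes."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    return [hit for part in msg.iter_attachments()
            for hit in inspect_blob(part.get_filename() or "(unnamed)",
                                    part.get_payload(decode=True) or b"")]

def build_sample():
    """Constructed message: one genuine PDF header, two disguised executables."""
    pe, zbuf = b"MZ" + b"\x00" * 62, io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("fax.pdf.scr", pe)
    msg = email.message.EmailMessage()
    msg.set_content("See attached.")
    files = {"report.pdf": b"%PDF-1.4\n%%EOF\n", "invoice.pdf": pe, "docs.zip": zbuf.getvalue()}
    for fname, body in files.items():
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports `invoice.pdf` and `docs.zip/fax.pdf.scr` and leaves `report.pdf` alone.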


Uber Car Service Hack

It was revealed on February 27th of this year that one of the databases owned by the car service Uber was hacked on May 13th, 2014. The vulnerability was not discovered until September 17th of that year. The information that Uber released appears to show that the vulnerability was only exploited once, and it appears that 50000 employees were affected by the breach. The database contained the drivers' full names and their licence numbers.

Upon discovery of the breach, the company changed the access protocols. It does not currently seem that any customer information was lost, and there seems to be only one instance of unauthorized access. Uber has given its employees a year of free credit monitoring through the company Experian.

At this point there still does not appear to be any fraudulent activity among any of the 50000 people who were affected. Uber has filed a lawsuit, which allows it to investigate the intrusion and try to determine the name of the person who carried out the attack.

http://blog.uber.com/2-27-15

Samuel Mosher