Recent cyber attacks on corporations are displaying a frightening level of sophistication that combines spear phishing, social engineering & malware.–PC Pitstop
Spear Phishing & Malware – A Lethal Combination
By Stu Sjouwerman, for KnowBe4.com Security Awareness Training
A Combo of Spear Phishing, Social Engineering and DDoS Attacks
IBM reported that the last 12 months, spear phishing campaigns were used to initially infect employee workstations with the Upatre downloader. Once infected, this pulls down the Dyre Trojan which starts monitoring the machine and records which bank sites are accessed. As part of the installation, the Dyre malware establishes persistence by creating a service innocuously named “Google Update Service”. This service is set to run automatically each time the system restarts.
Once one of the hundreds of bank sites that Dyre was built to exploit comes up, Dyre creates a fake screen that tells the user that the bank’s site is having problems and to call a certain number. The employee who calls the number is connected to an English-speaking criminal operator who already knows what bank the users think they are contacting.
The operator then social engineers the user and gets their banking details. Immediately after, large wire transfers are made out of the compromised account. The wires are then rapidly moved over a series of international banks until they are cashed out by money mules. In one instance, IBM said, the gang hit the victim company with a denial of service attack — essentially bringing down their Web capabilities — so it would not discover the theft until much later.
“What’s very different in this case, is we saw a pivot of the attackers to use a set of social engineering techniques that I think are unprecedented,” said Caleb Barlow, vice president of IBM Security. “The focus on wire transfers of large sums of money really got our attention.”
