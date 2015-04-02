By Bill Rigby
| SEATTLE, April 2
SEATTLE, April 2 IBM has uncovered a
sophisticated fraud scheme run by a well- funded Eastern
European gang of cyber criminals that uses a combination of
phishing, malware and phone calls that the technology company
says has netted more than $1 million from large and medium-sized
U.S. companies.
The scheme, which IBM security researchers have dubbed "The
Dyre Wolf," is small in comparison with more recent widespread
online fraud schemes but represents a new level of
sophistication.
According to IBM, since last year the attackers have been
targeting people working in companies by sending spam email with
unsafe attachments to get a variant of the malware known as Dyre
into as many computers as possible.
If installed, the malware waits until it recognizes that the
user is navigating to a bank website and instantly creates a
fake screen telling the user that the bank's site is having
problems and to call a certain number.
If users call that number, they get through to an
English-speaking operator who already knows what bank the users
think they are contacting. The operator then elicits the users'
banking details and immediately starts a large wire transfer to
take money out of the relevant account.
The use of a live phone operator is what makes the scheme
unique, said Caleb Barlow, vice president of IBM Security.
"What's very different in this case, is we saw a pivot of
the attackers to use a set of social engineering techniques that
I think are unprecedented," said Barlow. "The focus on wire
transfers of large sums of money really got our attention."
IBM did not release any details on which companies fell prey
to the scheme or the location of the perpetrators.
Once the transfer is complete, the money is then quickly
moved from bank to bank to evade detection. In one instance, IBM
said, the gang hit the victim company with a denial of service
attack - essentially bringing down their Web capabilities - so
it would not discover the theft until much later.
International Business Machines Corp's security unit
is recommending that companies make sure employees are trained
in spotting phishing attacks - where emails or attachments can
infect a computer - and to never provide banking credentials to
anyone.
The unit published a blog on the issue on its site at
www.securityintelligence.com/dyre-wolf.
(Reporting by Bill Rigby; Editing by Steve Orlofsky)