IBM security researchers have recently uncovered a new fraud scheme run by Eastern European cyber criminals. What sets this sophisticated fraud operation apart is its highly skilled social engineering: manipulation over phone calls is combined with phishing emails and malware infections of targeted victims, reminiscent of what we have seen in the film “The Wolf of Wall Street”.
The cyber criminals targeted a multitude of large and medium-sized North American companies that use wire transfers to move large sums of money. Because the transactions themselves were protected by two-factor authentication, the criminals had to go after the companies' employees, sending phishing emails in order to infect as many computers as possible.
Anatomy of the Cyber Attack
The phishing emails carry an attachment that looks like a financially relevant document, in this case an invoice, but is actually the Upatre downloader. The infection chain starts the moment an employee opens it.

The Upatre downloader is the medium that has delivered numerous banking Trojans and ransomware to the front door of countless victims at great cost. Here it fetches and runs the Dyre banking Trojan; once Dyre is executing, the downloader removes itself. Dyre's main function is credential theft: it hooks the victim's browser so that it can capture login credentials when the user visits one of the targeted banks' sites.

What happens next is another social-engineering trick. When an employee opens a bank site that the malware is monitoring, it injects a message saying the bank is experiencing technical issues at the moment and provides a phone number to call in order to approve the transaction. A real person with an American accent answers and, pretending to be an employee of the targeted bank, "assists" with the transaction. That call is how the criminals get past the two-factor protection on the transfer: by the time the victim hangs up, the wire transfer has already been completed at the other end of the line.

While the money is being moved from bank to bank through various offshore accounts, the targeted company is hit with a heavy DDoS attack, which keeps the victim from getting back into the bank account to inspect it and distracts the company from the fraud in progress. According to IBM, the campaign went undetected by most antivirus software for eight months during 2014-2015.
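The first step of the chain above is an "invoice" attachment that is really an executable downloader. The script below is an added example (my own, not IBM's or the report's code) of the mail-gateway triage a defender can run on such attachments: it compares the claimed extension with the file's magic bytes, flags double extensions and executable types, and looks one level inside zip archives. The sample attachments are constructed inline for illustration (the "PE" is just an MZ header plus padding, not malware), and the specific lure shapes it checks for (zipped .scr, invoice.pdf.exe) are assumptions about how such lures commonly look, not details taken from the page.

```python
"""
Triage of e-mail attachments that claim to be invoices but are really
executables. Added example; the samples below are constructed, not real.
"""
import io
import zipfile
from dataclasses import dataclass, field

# Magic bytes a genuine document of the claimed type should begin with.
MAGIC = {
    ".pdf": b"%PDF-",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",  # OOXML documents are zip containers
}
# Extensions that should never arrive as an "invoice" from a customer.
EXEC_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}
PE_MAGIC = b"MZ"  # DOS/PE header of every Windows executable


@dataclass
class Finding:
    name: str
    verdict: str                      # "allow" or "block"
    reasons: list = field(default_factory=list)


def _ext_chain(name):
    """'Invoice.pdf.exe' -> ['.pdf', '.exe'] (lower-cased)."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:]]


def triage_attachment(name, data, _depth=0):
    """Return a Finding for one attachment; zips are inspected one level deep."""
    f = Finding(name, "allow")
    exts = _ext_chain(name)
    last = exts[-1] if exts else ""
    if last in EXEC_EXT:
        f.reasons.append(f"executable extension {last}")
    if len(exts) > 1 and exts[-2] in DOC_EXT:
        f.reasons.append("double extension disguising a document")
    if data.startswith(PE_MAGIC):
        f.reasons.append("content is a Windows PE executable")
    expected = MAGIC.get(last)
    if expected and not data.startswith(expected):
        f.reasons.append(f"content does not match {last} header")
    # Lures are often zipped; recurse one level so the check is not bypassed.
    if last == ".zip" and data.startswith(b"PK\x03\x04") and _depth == 0:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                inner = triage_attachment(member, zf.read(member), _depth=1)
                if inner.verdict == "block":
                    f.reasons.append(f"archive member {member}: " + "; ".join(inner.reasons))
    if f.reasons:
        f.verdict = "block"
    return f


def _make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n, d in entries.items():
            zf.writestr(n, d)
    return buf.getvalue()


# Constructed samples: FAKE_PE is only an MZ header plus padding, not real malware.
FAKE_PE = b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode."
SAMPLES = {
    "invoice_2015_03.pdf": b"%PDF-1.4\n%...\n",               # genuine-looking PDF
    "Invoice.pdf.exe": FAKE_PE,                                  # double extension
    "invoice.pdf": FAKE_PE,                                      # extension lies about content
    "invoice_scan.zip": _make_zip({"invoice_scan.scr": FAKE_PE}),  # zipped screensaver lure
}


def triage_all(samples=SAMPLES):
    """Run the triage over every sample and return name -> Finding."""
    return {name: triage_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, f in triage_all().items():
        print(f"{f.verdict:5s} {name}: {'; '.join(f.reasons) or 'looks like a document'}")
```

The content check matters more than the name check: a file called invoice.pdf whose bytes begin with MZ is blocked regardless of how plausible the name is, while a double extension or a .scr inside a zip is caught even before the bytes are inspected. A real gateway would add more container formats (RAR, ISO, OLE) and a sandbox detonation, but the ordering of checks is the same.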
A crucial element in preventing this sort of attack is the human one: all employees should be trained and made aware that no bank will ask for personal credentials such as a username and password over email or by phone. When that happens, users should hang up and call their bank on a number they already have, written down in advance on a piece of paper, never on a number supplied in the email or shown on the web page.
The research and intelligence report was supplied by IBM security researchers John Kuhn, Lance Mueller and Limor Kessem. The document can be found here