The scheme uses phishing, malware and phone and has nicked more than $1 million from large and medium-sized US companies.
Dubbed Dyre Wolf, the operation is small in comparison with more recent widespread online fraud schemes but what is scary is how sophisticated it is and that it could be scaled up.
Last year the attackers have been targeting people working in companies by sending spam email with unsafe attachments to get a variant of the malware known as Dyre into as many computers as possible.
If installed, the malware waits until it recognizes that the user is navigating to a bank website and instantly creates a fake screen telling the user that the bank’s site is having problems and to call a certain number.
If people call that number, they get through to an English-speaking operator who already knows what bank the users think they are contacting. The operator then elicits the users’ banking details and immediately starts a large wire transfer to take money out of the relevant account.
The use of a live phone operator is what makes the scheme unique, said Caleb Barlow, vice president of IBM Security.
“What’s very different in this case, is we saw a pivot of the attackers to use a set of social engineering techniques that I think are unprecedented. The focus on wire transfers of large sums of money really got our attention.”
Once the transfer is complete, the money is then quickly moved from bank to bank to evade detection. In one instance, IBM said, the gang hit the victim company with a denial of service attack – essentially bringing down their Web capabilities – so it would not discover the theft until much later.