Last week, IBM Security reported on an active cyberheist campaign using a variant of the Dyre Trojan that has successfully stolen more than $1 million at a time from targeted enterprise organizations.
This is not an issue with any IBM software, rather an interesting innovation from the once-simple Dyre malware by adding advanced social engineering tactics geared to circumvent two-factor authentication. In recent incidents, organizations have lost staggering amounts of $500,000 and $1.5 million to this sophisticated criminal cyber gang.
It’s the “social engineering” portion that shows organizations that no matter how sophisticated your defenses, your users are now, and probably always will be, the weakest link in your security efforts. I’m sure that training your users against social engineering is not a very high priority, but it should be at the top of your security efforts.
IBM is very clear as to what you need to do to combat spearfishing and social engineering:
Organizations will remain only as strong as their weakest link. Proactive end-user education and security awareness training continue to be critical in helping prevent incidents like the one described in this advisory. It is highly recommended to have periodic training for end-users on the types of threats they are likely to encounter and what actions they should or should not take, especially those users with access to corporate banking credentials. Users should be informed of the common techniques used by attackers, SPAM and phishing campaigns, as well as what actions the organization expects of them if and when they receive unusual emails, phone calls or other communications. Users should know how and who to contact to quickly report anomalies.
Consider doing periodic unannounced mock phishing exercises where the users receive emails or attachments that simulate malicious behavior. Metrics can be captured on how many potential incidents would have happened if it had been real.
You may read the full report here.
Gregg Eldred 