
Dyre Malware infographic

The Dyre malware evolved quickly following its initial discovery in the summer of 2014. This infographic details Dyre's tactics and its very rapid development throughout late 2014 and early 2015. IBM Security can help protect banks and banking customers against Dyre with its endpoint protection and fraud detection solutions. To learn more, visit http://ibmsec.co/Th8Ad.

Published in: Technology

  1. Dyre Strategy

     1. Victim’s device gets infected with malware
     2. Navigation to online banking website
     3. DNS routing diverts user to fake website or proxy
     4. Credentials and PII are sent to fraudster
     5. Login to online banking
     6. Money transfer to mule account

     Dyre Tactics

       • 08:00 - Phishing emails customized to local languages
       • 08:30 - Victim clicks on email or attachment - malware is triggered
       • 8:31 - Victim’s device is infected with malware which remains dormant
       • 10:00 - Victim attempts to login to banking website but is re-routed to fake website
       • 10:01 - Victim unknowingly provides login credentials to fake website that are transferred to fraudsters
       • 13:00 - Fraudster performs money transfer from victim’s account to mule account

     2014 Milestones

       • June - First reports of attacks against US/UK targets
       • September - Attack against salesforce.com
       • October - Attacks against Romanian, German and Swiss Banks
       • October - US Department of Homeland Security Dyre Alert
       • November - Over 100 firms targeted
       • December - Attacks against targets in Australia and China

     2015 Milestones

       • March - Server-side web inject capabilities added
       • April - Dyre anti-sandbox evasion reported
       • July - Attacks against banks in Spain

     Defending against Dyre attacks: How IBM Security helps defend banks from Dyre

     Endpoint Protection

     IBM Security Trusteer Rapport detects unique attributes of the infection process and helps to:

       • Prevent new infection
       • Remove existing infection
       • Secure the browser
       • Alert user on phishing sites
       • Notify bank for takedown

     Endpoint Protection Benefits

       • Helps kill the attack BEFORE it even starts
       • Consistent prevention across all Dyre versions

     Fraud Detection

     Fraud Indicators (diagram labels):

       • Proxy Usage
       • Pre-login Anomalies
       • Device Spoofing
       • Malware History
       • Remote Access Tools
       • In-Session Activity
       • Login Activity
       • Transactional Activity
       • Dyre Malware
       • Device and Connection

     Risk Detection Benefits

       • Dyre campaign against treasury website of major UK bank
       • 38 separate Dyre related account takeover attempts detected
       • As a result, bank was able to help prevent fund transfers
