Dyre Strategy

1. Victim’s device gets infected with malware
2. Navigation to online banking website
3. DNS routing diverts user to fake website or proxy
4. Credentials and PII are sent to fraudster
5. Login to online banking
6. Money transfer to mule account

Dyre Tactics

08:00: Phishing emails customized to local languages
08:30: Victim clicks on email or attachment and the malware is triggered
8:31: Victim’s device is infected with malware, which remains dormant
10:00: Victim attempts to log in to banking website but is re-routed to fake website
10:01: Victim unknowingly provides login credentials to the fake website, which are transferred to fraudsters
13:00: Fraudster performs money transfer from victim’s account to mule account

2014 Milestones

June: First reports of attacks against US/UK targets
September: Attack against salesforce.com
October: Attacks against Romanian, German and Swiss banks
October: US Department of Homeland Security Dyre Alert
November: Over 100 firms targeted
December: Attacks against targets in Australia and China

2015 Milestones

March: Server-side web inject capabilities added
April: Dyre anti-sandbox evasion reported
July: Attacks against banks in Spain

Defending against Dyre attacks
How IBM Security helps defend banks from Dyre

Endpoint Protection

IBM Security Trusteer Rapport detects unique attributes of the infection process and helps to:
• Prevent new infection
• Remove existing infection
• Secure the browser
• Alert user on phishing sites
• Notify bank for takedown

Endpoint Protection Benefits
• Helps kill the attack BEFORE it even starts
• Consistent prevention across all Dyre versions

Fraud Detection

Fraud Indicators
• Proxy Usage
• Pre-login Anomalies
• Device Spoofing
• Malware History
• Remote Access Tools
• In-Session Activity
• Login Activity
• Transactional Activity
• Dyre Malware
• Device and Connection

Risk Detection Benefits
• Dyre campaign against treasury website of major UK bank
• 38 separate Dyre related account takeover attempts detected
• As a result, bank was able to help prevent fund transfers

Dyre Malware infographic
