IBM researchers reported late last week that they have identified an increase in the use of Dyre Wolf malware which has contributed to the loss of millions of dollars from victim companies. Dyre Wolf allows the intruders to spread malware spam through a mass mailing of victims’ contacts lists.

According to the IBM researchers, the cybercriminals’ recent use of Dyre Wolf “shows a brazen twist from the once-simple Dyre malware by adding sophisticated social engineering tactics likely to circumvent two-factor authentication. In recent incidents, organizations have lost between $500,000 and $1.5 million to attackers.” It appears that the attackers are “ targeting organizations that frequently conduct wire transfers with large sums of money” through phishing expeditions. When the expedition is complete, the intruders have obtained the credentials to complete wire transfers.

The IBM researchers conclude their report saying “[T]his campaign highlights the fact that organizations are only as strong as their weakest link, and in this case, it’s their employees. IBM’s Cyber Security Intelligence Index indicated 95 percent of all attacks involved some type of human error. These attackers rely on that factor so someone will open a suspicious attachment or link and they can successfully steal millions.” Based upon our experience, we couldn’t agree more. That’s why training your employees is a key risk management tool for your organization.