Case: Dyre Wolf Banking Malware Stole More Than $1 Million
Description: Researchers found a cyber activity “Dyre Wolf” which has
stolen more than $1 Million from different organizations with the help of spear
phishing emails, malware and social engineering tricks. IBM security
intelligence uncovered that Dyre Wolf targets businesses that use wire
transfers.
How the attack triggered: Spear phishing email is the
beginning of the attack when it reaches into the organization with an
attachment. The attachment looks like a financial report but in actual it has “Upatre
downloader” which executes the Dyre Trojan into victim’s system on backscreen.
Dyre hijack the victim’s address book and send out massive emails to all via
outlook and then malware monitor victim’s activities and waits for further
action. When the victim tries to log into one of the hundreds bank sites which
the Trojan is programmed to monitor, Dyre displays a new screen with a message
stating that the site is experiencing some issues and you must call the number
provided to make the transaction. Once the victim call the number, the victim
will assist by a real person instead of automated one. Dyre attackers use
social engineering trick to retrieve all the information and the wire transfer
is made by the crooks on the other end of the phone before the victim hangs up
the phone. When the money is being bounced from bank to bank to circumvent detection
by the bank and law enforcement, the targeted organization’s website will be
subjected to a DDos attack. The reason behind the DDos attack is to prevent
victim from accessing the bank account.
Human error
is the main cause of the attack. The attack will never be accomplished if the
victim will not provide the information on the call.
Protect
Against Dyre Wolf
Ø Employees of the organizations should
be trained on security best practices.
Ø Employees must be periodic practiced
mock phishing exercises where they receive malicious emails or attachments to
aware them about security threats.
Ø Provide training sessions to employees for
their better understanding about threats and measures.
Ø Provide reminders on phishing and
spam and teach them never provide banking credentials to anyone.
Moral
Reasoning: I
don’t think that steeling money can be a right thing from any point of view.
Dyre Wolf attack is used for only one reason to steel money. In life saving
moments steeling money can be forgivable but the stolen money is in millions.
So, there will be no space for arguments. Individual or organization make money
with their hard work, money is a kind of reward they achieve after putting their
efforts. Money become their property when they gained with their effort or
work. So, it is clear that no one has a right to steel someone’s property.
Philosopher:
John Locke (17th century, England)
“Though
the Earth, and all inferior Creatures be common to all Men, yet every Man has a
Property in his own Person. This nobody has any Right to but himself. The
Labour of his Body, and the Work of his hands, we may say, are properly his.
Whatsoever then he removes out of the State that Nature hath provided, and left
it in, he hath mixed his Labour with, and joined to it something that is his
own, and thereby makes it his Property. It being by him removed from the common
state Nature placed it in, hath by this labour something annexed to it, that
excludes the common right of other Men. For this Labour being the
unquestionable Property of the Labourer, no Man but he can have a right to what
that is once joined to, at least where there is enough, and as good left in
common for others.”
Contextualize: The philosopher clearly described
that the labor or work done by an individual or organization is totally related
to them and the reward attained from their labor is belong to them. In other
words, that will become their property. Steeling money is like steeling
property. If no one has a right to steel someone’s property and no one has a
right to steel other’s money. The money they gained from their hard work, labor
and the effort they make. So, it is a common right. From the other point of
view money is gained by attackers after their great effort and hard work done
by them. The whole attack is a kind of difficult task accomplished by them.
Anyhow it is wrong to steel someone’s money and the labor behind their task
makes sense too.
No comments:
Post a Comment