Light Dark
July 24, 2015 By Shane Schick 2 min read

Microsoft Office documents disguised as a payment-related information contain macros that could unleash the Dyre malware and other threats, a security researcher has warned.

Writing on the InfoSec Community Forums, Brad Duncan provides an in-depth look at how the Dyre malware, a banking Trojan, is being distributed by Bartalex, a macro-based form of malicious software that was discovered earlier this year. Attached in spam messages, the Microsoft documents purport to come from a payroll processing specialist and attempt to trick victims into opening them to find out about an Automated Clearing House Payment that has been rejected.

According to Threatpost, cybercriminals have used Bartelex as a vehicle for Dyre malware before, most recently via Dropbox links that prompted the online storage service to remove certain users from sharing links. This latest incident, however, also includes the Pony, a Trojan best known for stealing passwords and even bitcoins.

CISOs may be alarmed to learn that Dyre malware attacks are becoming more stealthy and sophisticated. Computing recently reported that major financial institutions, including the Royal Bank of Scotland and Lloyd’s Bank, were targeted in a campaign that used more than 19,000 spam messages containing the Trojan in a 72-hour period. The spam referred to phony follow-up messages from a tax consultant that tried to trick victims into downloading a form.

While cybercriminals have used Zeus and other Trojans to steal bank account information and similar credentials for some time, experts say the Dyre malware has proven particularly difficult to ward off. In early April, Security Intelligence profiled a variant known as Dyre Wolf that was using distributed denial-of-service (DDoS), man-in-the-middle (MitM) attacks and other approaches to infect machines. Social engineering has also been a staple of recent attempts to penetrate the financial sector.

The Register pointed out that while it is only about a year old, Dyre malware has been used to attack both enterprises and their customers. This is possible not only because it was well-designed, but because human nature can be a weak link no matter where you go.

In other words, don’t give in to temptation when an unexpected message or document arrives and open it right away. That’s what cybercriminals are counting on.

 |  |  | 
Shane Schick
Writer & Editor

More from

April 18, 2024

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

April 17, 2024

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

April 16, 2024

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature