IBM discovered a new malware called "Dyre Wolf" that has already robbed over $1 million from unsuspecting companies.
However, the attacks are not carried through the malware alone. IBM suggests that social engineering is also used to further advance the robbery on large corporations.
IBM Senior Threat Researcher John Kuhn wrote in a blog post that cybercriminals are growing because of their network, where they share their expertise and techniques. This results into better and more organized long-term attacks on companies with big money.
Dyre Wolf is another variant of the Dyre malware that is specialized for targeting online banking websites.
"Since its start in 2014, Dyre has evolved to become simultaneously sophisticated and easy to use, enabling cybercriminals to go for the bigger payout," wrote Kuhn.
IBM said that the group of hackers also take a personal approach by talking to users on phone. This helps them bypass the supposedly secure two-factor authentication that is widely utilized by most companies for cybersecurity, according to PC World.
Dyre Wolf works through an organization or company using a seemingly harmless email in Outlook, claiming that it's a fax for employees to open.
Once the malicious email is opened, a malware called Upatre that downloads the Dyre Wolf Trojan. After it is downloaded even in just one computer, it will then spread itself into the company network.
IBM said that if an unsuspecting user tries to login on a banking website, the Dyre Wolf malware shows a message saying that the account is unavailable. The employee is then told to call a number provided by the malware, according to ZD Net.
This number is connected to the hackers, who will then fool the employee into giving credentials, which in turn will be used to order money from the company's account.
IBM Security Vice President Caleb Barlow said that the hackers' live phone operator scheme is what makes the Dyre Wolf scam one of a kind.
DDoS attacks will be carried out on the company websites to keep their IT department from finding out the stolen money.
IBM recommends companies to train their employees on how to spot suspicious activities and malicious malware to avoid being victims of the Dyre Wolf scheme.