Taming the (Dyre) Wolf and other fraudsters

By Kyriba April 30, 2015

European budget airline Ryanair just came out as the latest high-profile victim of a major online fraud incident1, with about €5m being siphoned out of one of the company’s bank accounts. Fortunately (and also surprisingly), the cash has been traced, to an overseas bank, and is expected to be returned to Ryanair in the near future.

Although there may be a bit of schadenfreude over the identity of the victim, this latest incident highlights the alarming rise in online corproate fraud, and the ability of perpetrators to target even the largest and most sophisticated of companies. One of the big reasons for this is the growing sophistication of the attacks, both from a technical point of view and also their ability to use complex social engineering techniques.

In fact, one new scheme, Dyre Wolf, which was recently discovered by researchers at IBM can really be described as evil genius2. A description of how it is executed can be found below.

The dyer wolf attack steps

So what can corporate treasurers do to prevent being hit by such a sophisticated attack? I’ve gone into detail about this before, but as a recap, companies (specifically treasury departments) need to implement the following:

  • Processes: establish – and enforce – thorough processes, especially regarding payments, so that if there is any deviation from these (e.g. an unusual request for a wire transfer that requests bypassing existing security processes), a red flag is raised with staff members. This should certainly involve robust approval processes.
  • Technology: implement security processes (e.g. multi-factor authentication. digital signatures, IP filters) and improved workflows, so that it isn’t possible to make transfers through unauthorized processes and channels. A good treasury management system will have a wide range of tools that can dramatically reduce your exposure to fraud.
  • Education: teach your staff about spear phishing, malware and social engineering practices, and keep reinforcing the message. Ensure you have pre-designated contacts and phone numbers at banks that you can contact with questions.
  • Test: hire a security consultant to run drills and try to crack your system. Use this feedback to strengthen your processes.

While the criminals are certainly continuing to enhance their methods to extract money from organizations, there is no reason that a combination of strong IT security measures, combined with an educated, alert and process-driven treasury team should fall victim to these types of attack.


1Almost $5 million fraudulently taken from Ryanair bank account – Reuters, April 29, 2015

2The Dyre Wolf Campaign: Stealing Millions and Hungry for More – SecurityIntelligence.com, April 2, 2015


Activate Liquidity.

Transform how you use liquidity as a dynamic vehicle for growth and value creation

Find out how