The Golddigger Virus

Last week, I received an urgent call from the IT Director, who had the company comptroller on speakerphone. They had been told about a virus that performs social engineering, creates new employees, and transfers your funds to a Swiss bank account. It’s called the Triple D virus. I like to think I keep up on current security news, and I hadn’t heard of such a virus. I said I’d see what I could uncover. Then I had to hop on a conference call.

Five minutes later it hits me. Social Engineering. Unwanted dependants. All my money gone. Triple Ds. I think I’ve been punked. Would my Director and the comptroller really do that? Yes. Yes they would.

The Director denied all knowledge of it being a joke. Now they have an email from the executive reporting the virus threat with what few details there are to be had. The virus is actually called the Triple B virus. It performs the following:
1. The virus targets non-profits.
2. Socially engineers Human Resources employees to get new accounts created.
3. Transfers payroll funds to Swiss bank accounts.

This virus has purportedly targeted one of our competitors, so the exec wants us to be on watch for it.

The story seems fishy, but perhaps that is because it's being relayed and something is lost in translation.

If this is a real incident that they detected, surely the named company would be willing to share details so we know what to watch out for. Unfortunately, we heard nothing from that request.

All we can really do is place the “report” within the walls of what we know happens.
1. “Triple B” virus could refer to the Better Business Bureau (BBB) spear phishing that we’ve seen. That seems a bit run-of-the-mill to get worked up over.
2. Small businesses and non-profits are frequently the target of attacks. But rather than some grandiose scheme, account info is stolen and money mules are used to steal the money. This is a very real risk.
3. Certainly insider attacks are of concern as well. Controls need to be in place to prevent and detect unauthorized payroll accounts and transfers.
4. APT wants your money, not just your secrets.

If it’s obviously an urban legend, you may want to just punt reports like this quickly. Otherwise, make it a teachable moment. So what would happen if someone tried to phish information out of Human Resources? What happens if an unauthorized payroll account is created? How are our financial accounts protected?