EUROGRABBER ATTACK
36+ Million Euros Stolen from more
than 30,000 Bank Customers
In 2012, a sophisticated multi-dimensional attack
took place, stealing an estimated 36+ million Euros
from more than 30,000 bank customers from multiple
banks across Europe. Entirely transparent to users,
online banking customers had no idea that they
were infected with trojans, that their online banking
sessions were being compromised, or that funds were
stolen directly out of their accounts. This attack was
discovered and named “Eurograbber” by Versafe and
Check Point Software Technologies. The Eurograbber
attack employed a new and very successful variation
of the ZITMO, or Zeus-In-The-Mobile, trojans.
To date, this exploit has only been detected in Euro
Zone countries, but a variation of this attack could
potentially affect banks in countries outside of the
European Union. The multi-staged attack infected
the computers and mobile devices of online banking
customers. Once the Eurograbber trojans were installed
on both devices, the bank customers’ online banking
sessions were completely monitored and manipulated
by the attackers. Even the two-factor authentication
mechanism used by banks to ensure online banking
security was circumvented and was actually used by
the assailants to authenticate their illicit financial
transfers. Further, the trojans used to attack mobile
devices were developed for both the Blackberry and
Android platforms in order to attack a wider range
of victims. As such, both corporate and private bank
customers were infected and amounts ranging from
500 to 250,000 Euros were illegally transferred out
of client accounts. Additional information on the
Eurograbber attack, including a detailed review of the
incident, can be found in the Eurograbber attack case
study white paper [12] at the Check Point website.
More Vulnerabilities More Exploits
Hackers target well-known vulnerabilities. In fact, many
rely on the fact that numerous organizations do not
update their software weekly. The larger the organization,
the more difficult it is for security administrators to keep
all systems fully up-to-date. Thus, in many cases, a patched
vulnerability that’s a year old can still be used by hackers
to penetrate host systems that have not been updated
with the latest patches.
The sheer volume of vulnerabilities revealed every year is
overwhelming, as more than 5,000 [13] new ways for hackers
to cause damage and access systems were discovered in
2012 alone. Of greater concern is that there remain
numerous undiscovered vulnerabilities, actively used by
cybercriminals, which are yet to be revealed.
Total Number of Common Vulnerabilities and Exposures
2012: 5672
2011: 5235
2010: 5279
2009: 5132
Chart 2-H. Source: Common Vulnerabilities and Exposures (CVE)