EUROGRABBER ATTACK
36+ Million Euros Stolen from more
than 30,000 Bank Customers
During 2012, a sophisticated multi-dimensional attack
took place, stealing an estimated 36+ million Euros
from more than 30,000 bank customers from multiple
banks across Europe. The attack was entirely transparent:
online banking customers had no idea they were infected with
trojans, that their online banking sessions were being
compromised or that funds were being stolen directly out
of their accounts. This attack campaign was discovered
and named “Eurograbber” by Versafe and Check Point
Software Technologies. The Eurograbber attack employs
a new and very successful variation of the ZITMO,
or Zeus-In-The-Mobile trojans. To date, this exploit
has only been detected in Euro Zone countries, but a
variation of this attack could potentially affect banks in
countries outside of the European Union as well. The
multi-staged attack infected the computers and mobile
devices of online banking customers and once the
Eurograbber trojans were installed on both devices, the
bank customer’s online banking sessions were completely
monitored and manipulated by the attackers. Even the
two-factor authentication mechanism used by the banks
to ensure the security of online banking transactions
was circumvented in the attack and actually used by the
attackers to authenticate their illicit financial transfer.
Further, the trojans used to attack mobile devices
were developed for both the Blackberry and Android
platforms in order to facilitate a wide “target market”
and as such was able to infect both corporate and private
banking users and illicitly transfer funds out of customers’
accounts in amounts ranging from 500 to 250,000 Euros
each. Additional information on the Eurograbber attack,
including a detailed walkthrough of the attack, can be
found in the Eurograbber attack case study white paper¹²
on the Check Point website.
More Vulnerabilities More Exploits
Well-known vulnerabilities are key targets for hackers
who rely on the simple fact that many organizations
do not update their software on a weekly basis. The
bigger the organization, the harder it is for security
administrators to keep all systems fully updated. Thus,
in many cases, a year-old patched vulnerability can still
be used to penetrate into systems of large and small
organizations that haven’t updated their systems with
the latest software patches.
The sheer number of vulnerabilities disclosed every
year is overwhelming, with more than 5,000¹³ new
ways for hackers to cause damage and access systems
discovered in 2012. And there are still many more
undiscovered vulnerabilities actively used by cyber
criminals.
Chart 2-H: Total Number of Common Vulnerabilities and Exposures
Year    Total
2012    5672
2011    5235
2010    5279
2009    5132
Source: Common Vulnerabilities and Exposures (CVE)