Check Point and Versafe uncover new Eurograbber attack

Research reveals an estimated €36+ million stolen from banking customers across Europe

December 6, 2012

Check Point Software Technologies Ltd, the worldwide leader in securing the Internet, and Versafe, a private and independent vendor of online fraud prevention solutions, today published “A Case Study of Eurograbber: How 36 million was stolen via malware”. The case study uncovers a highly sophisticated attack used to steal millions from corporate and private banking customers across Europe.

Eurograbber was launched against banking customers, using a sophisticated combination of malware directed at computers and mobile devices. The malware, in conjunction with the attackers’ command and control server, first infected the victims’ computers and then infected their mobile devices in order to intercept SMS messages and bypass the banks’ two-factor authentication process. With the stolen information and the transaction authentication number (TAN), the attackers then performed automatic transfers of funds, ranging between €500 and €250,000, from the victims’ accounts to mule accounts across Europe.

Key Findings:

  • An estimated €36+ million has been stolen from more than 30,000 corporate and private bank accounts.
  • The attacks originated in Italy, but quickly spread to Germany, Holland, and Spain.
  • The theft involved a sophisticated combination of malware directed at computers and mobile devices of banking customers.
  • A new and very successful iteration of a bot attack (the Zeus Trojan) was used in the widespread Eurograbber attack.
  • Android and Blackberry mobile devices were specifically targeted, showing that attacks against Android devices are a growing trend.

“Cyberattacks are constantly evolving to take advantage of the latest trends. As online and mobile banking continue to grow, we will see more targeted attacks in this area, and Eurograbber is a prime example,” said Gabi Reish, Head of Product Management at Check Point Software Technologies. “The best way to prevent these attacks is with a multi-layered security solution that spans network, data, and endpoints, powered by real time threat intelligence.”

“Cyberattacks have become more sophisticated, more creative, and more targeted than ever before,” said Eran Kalige, Head of Security Operation Center, Versafe. “As seen with Eurograbber, attackers are focusing on the weakest link, the people behind the devices, and using very sophisticated techniques to launch and automate their attacks and avoid traceability.”

Check Point provides comprehensive protection for both enterprises and consumers against all types of threats. Check Point Gateways running Check Point Software Blades, such as Antivirus, Anti-bot, and IPS, can detect and prevent the Eurograbber attack. Check Point Threat Cloud™, the first collaborative network to fight cybercrime, feeds software blades with real-time intelligence and signatures enabling the gateways to identify and block attacks, including malware detection and bot communications, which are key elements of the Eurograbber attack. Additionally, Check Point’s ZoneAlarm solutions protect home users’ computers from Zeus Trojan variants and other malware and online threats.

Versafe’s technology and products detect and prevent attacks like Eurograbber in real time. With its unique set of components installed on a bank’s website, Versafe protects online users who log onto the website. By leveraging components such as the vHTML, Versafe can detect zero-day malware. Additionally, Versafe vCrypt eliminates malware functionality and renders the attacker’s database useless. Versafe offers financial organisations operating online the ability to gain and maintain control over areas that were previously unreachable and indefensible, enabling them to protect their end users seamlessly.

The case study provides step-by-step insight into how Eurograbber was executed against thousands of banking customers across Europe, and it includes solutions for both consumers and enterprises to prevent these types of attacks. For the full report, please click: http://www.checkpoint.com/products/downloads/whitepapers/Eurograbber_White_Paper.pdf