People have grown increasingly accustomed to and comfortable with buying online. This holiday season, forecasters expect online sales to increase as much as 17% over last year. While this is great news for online retailers and harried shoppers, it’s wise to remember that you should take precautions when shopping and banking online.
Bill Wolkey, Kaye-Smith’s Information Security Administrator, provided the following article to our employees to remind them just how sophisticated online criminals have become.
‘Eurograbber’ Lets Attackers Steal 36 Million Euros From Banks, Customers: Cybercriminals combine new Trojan with SMS malware to crack online banking systems
– Tim Wilson, Dec 06, 2012, Dark Reading
Researchers say they have identified and thwarted a malware attack that enabled attackers to steal more than 36 million euros from more than 30,000 online banking customers in Europe.
The attack, dubbed “Eurograbber,” infected users’ PCs with a new version of the Zeus Trojan, and then convinced them to download malware to their cell phones, defeating the second factor of authentication and exposing online banking accounts to slow data theft, according to researchers at security vendor Check Point Software and Versafe, an online fraud prevention vendor.
“It was a targeted, multistage, sophisticated attack that used two different Trojans to infect both the online banking system and the user’s phone,” says Darrell Burkey, director of IPS at Check Point. “It broke through both the first factor of authentication on the banking system and the second factor of authentication, which in Europe is often an SMS-based cell phone.”
The attack affected more than 30,000 accounts at more than 30 banks throughout Europe, the researchers say. The criminals stole money in small amounts from both personal and corporate accounts so as not to be immediately detected.
The researchers shared their discovery with the affected banks and law enforcement agencies, and the infrastructure that was used to crack the online banking systems has been taken down, Check Point and Versafe say. The perpetrators of the crime have not been identified.
“We’re not saying that it couldn’t come back,” says Eyal Gruner, security engineer at Versafe. “When the infrastructure under High Roller [another malware attack] was taken down, it reappeared again later. It’s still out there, but the initial command-and-control infrastructure has been taken down.”
Check Point has registered a signature for the attack and its software would block it if it reappeared, Burkey says.
The attack was sophisticated in that it infected the banking system first and then sent a phishing message to customers, telling them to update the online banking software on their cell phones. The update messages appeared to come directly from the affected bank, and a significant percentage of customers fell for the ruse and downloaded the Zitmo-based malicious software to their phones, the researchers say.
“It’s definitely one of the most sophisticated banking attacks we’ve seen,” Burkey says.
You can find the original article at Dark Reading.
Enjoy your holiday shopping – but remember to be careful about what information you release and who you give it to!