Security firm Check Point and online fraud prevention solutions provider Verasafe have released a case study regarding a highly sophisticated cybercriminal campaign that managed to steal more than €36 million EUR ($47 million) from over 30,000 bank accounts belonging to individuals and companies from all over Europe.
According to the whitepaper published by Check Point and Verasafe, Eurograbber relied on a sophisticated combination of malware that targeted the computers and mobile devices of online banking customers.
The attacks started with pieces of malware that infected the victims’ computers and their mobile devices in order to intercept the SMS messages containing the two-factor authentication codes.
Once they gained access to the online credentials and the transaction authentication numbers (TANs), the crooks initiated the automatic transfers of funds from the victims’ accounts to the ones of mules located across Europe.
The amounts of money they stole from each account ranged between €500 ($650) and €250,000 ($326,000).
The attacks started in Italy, but they spread to Germany, the Netherlands and Spain. They mostly relied on a new version of the ZeuS Trojan.
As far as the targeted mobile devices are concerned, most of them were BlackBerry and Android phones.
Gabi Reish, head of product management at Check Point Software Technologies, explains that cyberattacks are constantly evolving to take advantage of the latest trends.
“As online and mobile banking continue to grow, we will see more targeted attacks in this area, and Eurograbber is a prime example,” Reish said.
“The best way to prevent these attacks is with a multi-layered security solution that spans network, data, and endpoints, powered by real time threat intelligence.”
Eran Kalige, head of security operation Centera at Versafe, highlights the fact that cybercriminals have begun launching more sophisticated, more targeted, and more creative attacks.
“As seen with Eurograbber, attackers are focusing on the weakest link, the people behind the devices, and using very sophisticated techniques to launch and automate their attacks and avoid traceability,” he noted.