Best of the Week
Most Popular
1. US Housing Market Real Estate Crash The Next Shoe To Drop – Part II - Chris_Vermeulen
2.The Coronavirus Greatest Economic Depression in History? - Nadeem_Walayat
3.US Real Estate Housing Market Crash Is The Next Shoe To Drop - Chris_Vermeulen
4.Coronavirus Stock Market Trend Implications and AI Mega-trend Stocks Buying Levels - Nadeem_Walayat
5. Are Coronavirus Death Statistics Exaggerated? Worse than Seasonal Flu or Not?- Nadeem_Walayat
6.Coronavirus Stock Market Trend Implications, Global Recession and AI Stocks Buying Levels - Nadeem_Walayat
7.US Fourth Turning Accelerating Towards Debt Climax - James_Quinn
8.Dow Stock Market Trend Analysis and Forecast - Nadeem_Walayat
9.Britain's FAKE Coronavirus Death Statistics Exposed - Nadeem_Walayat
10.Commodity Markets Crash Catastrophe Charts - Rambus_Chartology
Last 7 days
Silver Notches Best Month Since 1979 - 12th Aug 20
Silver Shorts Get Squeezed Hard… What’s Next? - 12th Aug 20
A Tale of Two Precious Metal Bulls - 12th Aug 20
Stock Market Melt-Up Continues While Precious Metals Warn of Risks - 12th Aug 20
How Does the Gold Fit the Corona World? - 12th Aug 20
3 (free) ways to ride next big wave in EURUSD, USDJPY, gold, silver and more - 12th Aug 20
A Simple Way to Preserve Your Wealth Amid Uncertainty - 11th Aug 20
Precious Metals Complex Impulse Move : Where Is next Resistance? - 11th Aug 20
Gold Miners Junior Stcks Buying Spree - 11th Aug 20
Has the Fed Let the Inflation Genie Out of the Bottle? - 10th Aug 20
The Strange Food Trend That’s Making Investors Rich - 10th Aug 20
Supply & Demand For Money – The End of Inflation? - 10th Aug 20
Revisiting Our Silver and Gold Predictions – Get Ready For Higher Prices - 10th Aug 20
Storm Clouds Are Gathering for a Major Stock and Commodity Markets Downturn - 10th Aug 20
A 90-Year-Old Stock Market Investment Insight That's Relevant in 2020 - 10th Aug 20
Debt and Dollar Collapse Leading to Potential Stock Market Melt-Up, - 10th Aug 20
Coronavirus: UK Parents Demand ALL Schools OPEN September, 7 Million Children Abandoned by Teachers - 9th Aug 20
Computer GPU Fans Not Spinning Quick FIX - Sticky Fans Solution - 9th Aug 20
Find the Best Speech Converter for You - 9th Aug 20
Silver Bull Market Update - 7th Aug 20
This Inflation-Adjusted Silver Chart Tells An Interesting Story - 7th Aug 20
The Great American Housing Boom Has Begun - 7th Aug 20
NATURAL GAS BEGINS UPSIDE BREAKOUT MOVE - 7th Aug 20
Know About Lotteries With The Best Odds Of Winning - 7th Aug 20
Could Gold Price Reach $7,000 by 2030? - 6th Aug 20
Bananas for All! Keep Dancing… FOMC - 6th Aug 20
How to Do Bets During This Time - 6th Aug 20
How to develop your stock trading strategy - 6th Aug 20
Stock Investors What to do if Trump Bans TikTok - 5th Aug 20
Gold Trifecta of Key Signals for Gold Mining Stocks - 5th Aug 20
ARE YOU LOVING YOUR SERVITUDE? - 5th Aug 20
Stock Market Uptrend Continues? - 4th Aug 20
The Dimensions of Covid-19: The Hong Kong Flu Redux - 4th Aug 20
High Yield Junk Bonds Are Hot Again -- Despite Warning Signs - 4th Aug 20
Gold Stocks Autumn Rally - 4th Aug 20
“Government Sachs” Is Worried About the Federal Reserve Note - 4th Aug 20
Gold Miners Still Pushing That Cart of Rocks Up Hill - 4th Aug 20
UK Government to Cancel Christmas - Crazy Covid Eid 2020! - 4th Aug 20
Covid-19 Exposes NHS Institutional Racism Against Black and Asian Staff and Patients - 4th Aug 20
How Sony Is Fueling the Computer Vision Boom - 3rd Aug 20
Computer Gaming System Rig Top Tips For 6 Years Future Proofing Build Spec - 3rd Aug 20
Cornwwall Bude Caravan Park Holidays 2020 - Look Inside Holiday Resort Caravan - 3rd Aug 20
UK Caravan Park Holidays 2020 Review - Hoseasons Cayton Bay North East England - 3rd Aug 20
Best Travel Bags for 2020 Summer Holidays , Back Sling packs, water proof, money belt and tactical - 3rd Aug 20
Precious Metals Warn Of Increased Volatility Ahead - 2nd Aug 20
The Key USDX Sign for Gold and Silver - 2nd Aug 20
Corona Crisis Will Have Lasting Impact on Gold Market - 2nd Aug 20
Gold & Silver: Two Pictures - 1st Aug 20
The Bullish Case for Stocks Isn't Over Yet - 1st Aug 20
Is Gold Price Action Warning Of Imminent Monetary Collapse - Part 2? - 1st Aug 20
Will America Accept the World's Worst Pandemic Response Government - 1st Aug 20
Stock Market Technical Patterns, Future Expectations and More – Part II - 1st Aug 20
Trump White House Accelerating Toward a US Dollar Crisis - 31st Jul 20
Why US Commercial Real Estate is Set to Get Slammed - 31st Jul 20
Gold Price Blows Through Upside Resistance - The Chase Is On - 31st Jul 20
Is Crude Oil Price Setting Up for a Waterfall Decline? - 31st Jul 20
Stock Market Technical Patterns, Future Expectations and More - 30th Jul 20
Why Big Money Is Already Pouring Into Edge Computing Tech Stocks - 30th Jul 20
Economic and Geopolitical Worries Fuel Gold’s Rally - 30th Jul 20
How to Finance an Investment Property - 30th Jul 20
I Hate Banks - Including Goldman Sachs - 29th Jul 20
NASDAQ Stock Market Double Top & Price Channels Suggest Pending Price Correction - 29th Jul 20
Silver Price Surge Leaves Naysayers in the Dust - 29th Jul 20
UK Supermarket Covid-19 Shop - Few Masks, Lack of Social Distancing (Tesco) - 29th Jul 20
Budgie Clipped Wings, How Long Before it Can Fly Again? - 29th Jul 20
How To Take Advantage Of Tesla's 400% Stock Surge - 29th Jul 20
Gold Makes Record High and Targets $6,000 in New Bull Cycle - 28th Jul 20
Gold Strong Signal For A Secular Bull Market - 28th Jul 20
Anatomy of a Gold and Silver Precious Metals Bull Market - 28th Jul 20
Shopify Is Seizing an $80 Billion Pot of Gold - 28th Jul 20
Stock Market Minor Correction Underway - 28th Jul 20
Why College Is Never Coming Back - 27th Jul 20
Stocks Disconnect from Economy, Gold Responds - 27th Jul 20
Silver Begins Big Upside Rally Attempt - 27th Jul 20
The Gold and Silver Markets Have Changed… What About You? - 27th Jul 20
Google, Apple And Amazon Are Leading A $30 Trillion Assault On Wall Street - 27th Jul 20
This Stock Market Indicator Reaches "Lowest Level in Nearly 20 Years" - 26th Jul 20
New Wave of Economic Stimulus Lifts Gold Price - 26th Jul 20
Stock Market Slow Grind Higher Above the Early June Stock Highs - 26th Jul 20
How High Will Silver Go? - 25th Jul 20
If You Own Gold, Look Out Below - 25th Jul 20
Crude Oil and Energy Sets Up Near Major Resistance – Breakdown Pending - 25th Jul 20
FREE Access to Premium Market Forecasts by Elliott Wave International - 25th Jul 20
The Promise of Silver as August Approaches: Accumulation and Conversation - 25th Jul 20
The Silver Bull Gateway is at Hand - 24th Jul 20
The Prospects of S&P 500 Above the Early June Highs - 24th Jul 20
How Silver Could Surpass Its All-Time High - 24th Jul 20

Market Oracle FREE Newsletter

How to Get Rich Investing in Stocks by Riding the Electron Wave

Sophisticated Smartphone Hacking: 36 Million Euros Banking Theft

ConsumerWatch / Scams Dec 06, 2012 - 10:33 AM GMT

By: DK_Matai

ConsumerWatch

A sophisticated digital attack involving smart mobile phones has been used to steal 36 million euros or 47 million dollars from corporate and private banking customers across Europe.  The attack appears to have emanated from cybercrime servers in the Ukraine.  Android and Blackberry mobile devices have been specifically targeted, showing that attacks against Android devices are now a growing trend.  A new customised version of the Trojan spyware application "Zeus" called "ZITMO" or "Zeus-In-The-MObile" has been deployed, which security companies have called Eurograbber.  This enables a two-stage Trojan virus attack to progress that spreads from a victim’s Personal Computer or PC to their mobile telephone.  Eurograbber marks the first such case of PC-to-mobile Trojan malware targeted specifically at online banking.  More than 30,000 online banking customers in Germany, Italy, Spain and the Netherlands have been affected by this attack.


Breaking into Smartphones

 

Second Major Online Banking Breach in 2012

The Eurograbber attack -- the second significant online banking breach -- follows a similar event earlier this year, known as Operation High Roller.  High Roller utilised the same "ZITMO" technology to engineer 60 million dollars in fraudulent money transfers at 60 financial institutions.  Like High Roller, Eurograbber also started in Italy before spreading to other countries in mainland Europe.

30+ European Banks Targeted

The criminal syndicate behind Eurograbber appears to have configured the Trojan malware to target customers of 16 specific banks in Italy, as well as seven in Spain, six in Germany and three in the Netherlands.  Individual transfer amounts made by Eurograbber malware ranged from 500 euros (656 dollars) to 250,000 euros (328,000 dollars) per victim.  Targeted European banks and law enforcement agencies in the affected countries have been notified.

Case Study of Eurograbber

The sophisticated digital attack is described in a new report called "A Case Study of Eurograbber: How €36 million was stolen via malware” by Check Point and Versafe.  The report offers a step-by-step picture of how individual computers are infected and how the infected machines are then used to pull off the heist. 

Summary of Report

Eurograbber was launched against banking customers, using a sophisticated combination of malware directed at computers and mobile devices. The malware, in conjunction with the attackers’ command and control server, first infected the victims’ computers, and then, infected their mobile devices in order to intercept SMS [text] messages to bypass the banks’ two-factor authentication process.  With the stolen information and the Transaction Authentication Number (TAN), the attackers then performed automatic transfers of funds, ranging between 500 euros and 250,000 euros, from the victims’ accounts to mule accounts across Europe. To date, this exploit has only been detected in euro zone countries, but a variation of this attack could potentially affect banks in countries outside of the European Union as well.

Defeating Two Stage Authentication

The Eurograbber "ZITMO" elaborate attack is designed to defeat the two-factor authentication systems deployed by many banks. To do that, a companion, Smartphone version of the malware intercepts the one-time Transaction Authentication Number (TAN) that banks send to a customer's mobile device, via SMS or text, which the customer must then enter into a banking website prompt to authorise a money transfer.  Verification codes appear to have been recorded and used to create further banking sessions in real time. 

Two Stage Authentication Questioned

Two-stage authentication, whereby a customer enters a second code generated by the bank in addition to a regular password or pin number, is common in online banking and online eCommerce. It is also used by companies such as PayPal and Google to make cloud computing shopping and services more secure.  More than 30 per cent of the EU and US banks appear to deploy similar security systems for online banking and eCommerce.

How Can Users Protect Themselves From Becoming Victims? Report Suggestions

1. Regular Updates

Attackers consistently look to exploit known security flaws so a critical preventative measure is to regularly update all computers that are used to conduct online banking transactions. Doing so ensures the most current vendor patches and security signatures are applied thus providing the most current security available. Below are the primary elements that should be regularly updated.

a.    Operating System

b.    Antivirus software

c.    Java

d.    Adobe Flash

e.    Adobe Reader

f.     Internet Browser

g.    Any other tools or programs used for downloading files or web surfing

One of the most common infection methods is “drive-by-downloads” where malicious code is silently downloaded onto a web surfer’s computer while they are surfing the internet. It is very likely that some of the Eurograbber victims were initially infected by drive-by-downloads. Maintaining current software and security products on your computer will provide the most protection against current infection techniques like drive-by-downloads. Additionally, conducting regular antivirus scans can inform users of existing computer infections so they can take remediation actions to remove the malware.

2. Never Respond To Unsolicited Emails

Social engineering is an essential part of the attack. The email directing the customer to "click on the link to improve online banking security" is the key that opens Pandora's Box and begins the attack. Known as "phishing" emails, if the banking customer recognizes the email as unsolicited and does not click on the link, their desktop will not be infected and the Eurograbber attack will not occur. It is very important to never respond to unsolicited emails from your financial institutions. If the message is concerning to you, then contact the institution directly. Use a different source rather than using a phone number provided in the email. Inform them of the email and follow their guidance.

As a user, following best practices -- maintaining OS, application and security currency on your computer and exercising caution with unsolicited emails and during internet surfing -- can provide some of the very best protection against becoming infected.

Conclusion of Report

Eurograbber is an excellent example of a successful targeted, sophisticated and stealthy attack. The threat from custom designed, targeted attacks like Eurograbber is real and is not going away. The threat community is alive and motivated to create ever more sophisticated attacks because the spoils are rich and many. Enterprises as well as individuals need to exercise due care and ensure they conduct important online business, especially financial transactions in the most secure environments possible.  Further, individual users must be steadfast in ensuring all of their desktops, laptops and tablets have all possible security layers enabled and that they are kept current with software and security updates to ensure the best protection possible.  Online banking customers should make efforts to ensure their computer is current and to also conduct their online banking transactions from the most secure environment possible.  A computer that is current in OS and application updates and security protections combined with an office network that is protected with multiple layers of security will provide the most protection against attacks like Eurograbber.

What are your thoughts, observations and views? We are hosting an Expert roundtable on this issue at ATCA 24/7 on Yammer.

By DK Matai

www.mi2g.net

Asymmetric Threats Contingency Alliance (ATCA) & The Philanthropia

We welcome your participation in this Socratic dialogue. Please access by clicking here.

ATCA: The Asymmetric Threats Contingency Alliance is a philanthropic expert initiative founded in 2001 to resolve complex global challenges through collective Socratic dialogue and joint executive action to build a wisdom based global economy. Adhering to the doctrine of non-violence, ATCA addresses asymmetric threats and social opportunities arising from climate chaos and the environment; radical poverty and microfinance; geo-politics and energy; organised crime & extremism; advanced technologies -- bio, info, nano, robo & AI; demographic skews and resource shortages; pandemics; financial systems and systemic risk; as well as transhumanism and ethics. Present membership of ATCA is by invitation only and has over 5,000 distinguished members from over 120 countries: including 1,000 Parliamentarians; 1,500 Chairmen and CEOs of corporations; 1,000 Heads of NGOs; 750 Directors at Academic Centres of Excellence; 500 Inventors and Original thinkers; as well as 250 Editors-in-Chief of major media.

The Philanthropia, founded in 2005, brings together over 1,000 leading individual and private philanthropists, family offices, foundations, private banks, non-governmental organisations and specialist advisors to address complex global challenges such as countering climate chaos, reducing radical poverty and developing global leadership for the younger generation through the appliance of science and technology, leveraging acumen and finance, as well as encouraging collaboration with a strong commitment to ethics. Philanthropia emphasises multi-faith spiritual values: introspection, healthy living and ecology. Philanthropia Targets: Countering climate chaos and carbon neutrality; Eliminating radical poverty -- through micro-credit schemes, empowerment of women and more responsible capitalism; Leadership for the Younger Generation; and Corporate and social responsibility.

© 2012 Copyright DK Matai - All Rights Reserved Disclaimer: The above is a matter of opinion provided for general information purposes only and is not intended as investment advice. Information and analysis above are derived from sources and utilising methods believed to be reliable, but we cannot accept responsibility for any losses you may incur as a result of this analysis. Individuals should consult with their personal financial advisors.

DK Matai Archive

© 2005-2019 http://www.MarketOracle.co.uk - The Market Oracle is a FREE Daily Financial Markets Analysis & Forecasting online publication.


Post Comment

Only logged in users are allowed to post comments. Register/ Log in

6 Critical Money Making Rules