All the latest UK technology news, reviews and analysis


Luuuk hack campaign steals €500,000 in one week from European bank

25 Jun 2014
Malware cyber criminal

A cyber scam has stolen at least €500,000 from customers of a "large European bank" has been uncovered by Kaspersky Lab researchers.

Kaspersky Lab said it first uncovered evidence of the campaign, codenamed Luuuck, on 20 January, when experts detected a suspicious command and control (C&C) server on the internet.

The researchers detected transaction logs that chronicled how much the hackers have been stealing from each of their 190 victims. The amounts range from €1,700 to €39,000 per victim, earning the hackers an average of €500,000 per week.

Kaspersky Lab principal security researcher Vicente Diaz said it is currently unclear what type of malware is used to steal the money, though the firm suspects it is a modified version of Zeus, which automatically steals victims' financial information when they log in to their online bank account.

"On the C&C server we detected there was no information as to which specific malware program was used in this campaign. However, many existing Zeus variations (Citadel, SpyEye, Ice IX, etc) have that necessary capability. We believe the malware used in this campaign could be a Zeus flavour using sophisticated web injects on the victims," he said.

Kaspersky has contacted law enforcement and alerted the unnamed bank about the scam. Diaz said tracking the scammers is difficult as Luuuk uses an atypical method to send the stolen funds to them.

The scam reportedly involves a multitude of different groups spreading the money to various specially created bank accounts using "money mules". The different groups spreading the cash are reportedly responsible for handling differing amounts of money, and once in the accounts the cash is taken out of an ATM.

Diaz said the structured approach to transferring the money indicates that the scam is being run by an organised group. "These differences in the amount of money entrusted to different 'drops' may be indicative of varying levels of trust for each ‘drop' type. We know that members of these schemes often cheat their partners in crime and abscond with the money they were supposed to cash," he said

"The Luuuk's bosses may be trying to hedge against these losses by setting up different groups with different levels of trust: the more money a ‘drop' is asked to handle, the more he is trusted."

Cyber attacks targeting banking systems are an increasing problem facing governments and businesses. Law enforcement agencies across the world, including the UK National Crime Agency, attempted to mitigate the threat by mounting a co-ordinated takedown operation against the infamous Gameover Zeus botnet earlier this year.

Security experts told V3 earlier in June that, while the move was positive, law enforcement's more aggressive stance towards combating cyber crime could lead to a fresh wave of advanced cyber attacks.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 10 poll

What are your first impressions of Windows 10?
13%
4%
10%
4%
22%
4%
43%

Popular Threads

Powered by Disqus
V3 Sungard roundtable event - Cloud computing security reliability and scalability discussion

CIOs debate how to overhaul businesses for the digital era

V3 hosts roundtable with Sungard Availability Services

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Hotel Market Administrator - German Speaking - Budapest

Hotel Market Administrator - German & English Speaking...

Director of Frontend Engineering (Bangkok)

Director of Frontend Engineering (Bangkok) Company...

BI/Statistics Expert/MI/Database Analyst (SQL, R, Big Data)

BI / Statistics Expert / MI / Database Analyst (SQL...

Metasearch MSE / Vertical Search Director (Bangkok)

Metasearch MSE / Vertical Search Director (Analytics...
To send to more than one email address, simply separate each address with a comma.