Lebanese banks infected by 'Gauss' virus

Several Lebanese banks were targeted by a sophisticated new virus capable of stealing financial data, researchers say, with evidence suggesting the cyber attack may have been state-backed.

According to Kaspersky Lab, which discovered the attack it dubbed ‘Gauss’, the virus was based on the same platform as Stuxnet, a cyber weapon that attacked Iranian nuclear infrastructure in 2010, and the cyber espionage tools Duqu and Flame.

“We’re talking here about Bank of Beirut, Blom Bank, Byblos Bank, Credit Libanais - most of them are banks that are based in Lebanon,” Stefan Tanase, a senior security researcher for Kaspersky Lab based in Moscow, told Arabian Business.

He added that systems belonging to Citibank and online payments firm Paypal had also been infected.

Tanase said that the virus, which is spread via USB drives, was designed to monitor financial transactions and emails and had so far infected around 1,600 computers in the Levant country. He said that researchers had so far not seen evidence to suggest that machines in other countries in the region had been infected.

“The likely case is that [the attacker] is monitoring transaction flows to gather intelligence about their victims,” Tanase said, adding that the virus could be used by “a nation state operation that is financing itself by stealing money from the victims,” but he thought this was unlikely.

Kaspersky Lab refused to speculate on who might be behind the attack, but said that the complexity of Gauss’s code and its shared characteristics with Stuxnet, Duqu and Flame strongly suggested the attack was state-sponsored.

Tanase said that Gauss contained a heavily encrypted payload which would only be triggered when the virus infected a specific machine.

Stuxnet, which also spread via USB drives, had a similarly encrypted module that was only triggered when it infected centrifuges at Iran’s uranium enrichment facility in Natanz. Stuxnet was designed to cause nuclear centrifuges to spin out of control and eventually break, but the plant’s operators discovered the attack before this could occur.

Kaspersky Lab’s Tanase said that the security firm had seen the type of encryption used in Gauss before and was hopeful that the company could decrypt the mystery module within a few weeks.

Bank of Beirut, Blom Bank, Byblos Bank, Credit Libanais, Citigroup and Paypal did not immediately respond to Arabian Business's request for comment.

Join the Discussion


Posted by: socalmonk

Kaspersky Labs may have declined to speculate openly about which state or states might be the origin of this new cyber attack, but I have no doubts, and will be more than happy to call out Israel and the United States, the two nations already most responsible for the instability that plagues the Middle East. Had another nation done this to Israel or the U.S. it would be cause for military action. This cyber-warfare against non-aligned nations has got to stop.
