Researchers at Trusteer have spotted a new attack vector from Zeus that aligns perfectly with previous financially motivated targets. Based on the information collected and previous attacks, it appears as if the newer Zeus configurations will remain focused on the bigger fish.
Trusteer managed to capture a Zeus sample that is targeting Ceridian, a Canadian HR and payroll services firm. Once installed on a compromised host, Zeus will capture a screenshot of Ceridian’s client portal, allowing the malware’s controller access to the User ID, Company Number, and the image-based authentication icon. In addition, the keylogging aspect of the malware will ensure that the password is compromised. With this information in hand, the attacker can compromise the account at will.
Trusteer notes that compromises such as this one can be devastating to a company. Last August, criminals walked away with more than $200,000 after compromising a system used by the Metropolitan Entertainment & Convention Authority (MECA).
Such scams are expected to increase, Trusteer notes, because enterprise payroll systems offer access to larger sums of cash. Moreover, access to a large organization's payroll system gives the attackers a better chance of funneling money out to mules before any red flags are raised.
Not to mention, there is a good chance that cloud-based payroll systems can be accessed from unmanaged mobile devices, giving the crooks an additional avenue of compromise that could go undetected for some time.
The larger problem, however, is one that most companies have no real means to defend against: once they rely on an external service, the security of that service is out of their control.
“By targeting a cloud service provider, the criminals are bypassing tight security mechanisms that are typically employed by medium to large enterprises. In a cloud service provider environment, the enterprise customers who use the service have no control over the vendor’s IT systems and thus little ability to protect their backend financial assets,” said Trusteer’s Amit Klein in a blog post.