Zeus Victimizes Cloud Payroll Service
Zeus malware are being employed by cybercriminals for targeting companies using cloud-based payroll services, according to researchers from security firm, Trusteer, as reported in pcworld on April 10, 2012.
According to Amit Klein, the Chief Technology Officer, organizations offering payroll services are highly on cards of cyber crooks, as a large chunk of money can be easily stolen from regular online banking accounts, as per news published in pcworld on April 10, 2012. Actually the Zeus attacks are specifically intended to shift large amount of funds to the criminals avoiding any of the strength control upheld by large businesses.
Of recent, researchers have revealed Zeus configuration targeting Ceridian, a human resource and payroll solutions provider in Canada. The attack is designed to capture a screenshot of the webpage offering payroll services (https://clients.powerpay.ca/powerpay/Logon*) from an infected system of a user. As a result of this attack, the user id, password, company number, and even the icon selected by the user for image-based authentication are being confiscated. Financial losses in this implant are anticipated to be quite substantial.
Earlier, in 2011, cybercriminals employed a similar method to steal an amount worth US$ 217,000 from Omaha, US-based Metropolitan Entertainment & Convention Authority (MECA), a nonprofit organization. According to published reports, the victimized was robbed off his credentials from the organization's payroll system.
Security experts signaled towards accessing cloud services that are less secured and more vulnerable towards a financial malware attack and used for the unmanaged devices.
Unfortunately, security mechanisms employed in traditional antivirus security mechanisms are incapable to secure corporate users from the Zeus attack. These kinds of attacks demand the employment of targeted investigation together with signature detection evasion for acquiring a foothold inside the systems of organizations.
However, over the last few years, crimeware kits including Zeus, SpyEye, and Eleonore have been offering uncountable updates, which signaled a sudden increase in the types of online services that are targeted by the malware. Botnet operators have also been using malwares for infiltrating into the payroll departments of various businesses. Zeus malware attack on Ceridian is a part of this malware scheme.
Related article: Zeus Trojan Stole Huge Amount of Information
» SPAMfighter News - 20-04-2012