Phishers Target ADP Clients to Steal their Payroll Information

Security Investigators from SANS ISC are cautioning about cyber-criminals attacking clients of 'Automatic Data Processing' (ADP) the provider of BPO (business process outsourcing) with phishing e-mails that attempt at grabbing their confidential payroll information.

It maybe noted that globally 600,000 organizations are benefited from ADP's supply of payroll administrative facilities and outsourced human capital, with 7,000 such organizations situated in New Zealand and Australia.

Utilizing fear tactics, the phishing electronic mail tells the receiver that it's time his certificate designed for gaining admission into the Automatic Data Processing system managing his payroll will expire therefore, he requires renewing it for which he must click a web-link given in the e-mail.

But, the clicking takes the user onto a malicious site, which attempts at abusing security flaws within obsolete browser plug-ins so his PC gets contaminated with malware.

The malicious site exploits a Java flaw, amongst others, detected as CVE-2012-1723, which Security Company Oracle patched during June 2012. Security Researcher Jeong Wook Oh from the Microsoft malware Protection Center states that this vulnerability is being increasingly abused through Web-based assaults. Pcworld.com published this on August 6, 2012.

ISC explained that VirusTotal's detection rate of the CVE-2012-1723 vulnerability utilized within the ADP phishing assault was low. Notably, VirusTotal is a scanning service of files online, operating 41 AV engines.

Worryingly, personalized assaults and phishing campaigns targeting staff within organizations that were entrusted with payroll as well as other finance operations reflected a continuous hazard since long; however, those mayn't be so widely-known like a few of the largely common spoofed/phishing attacks. The aim of those attacks was initiating malware infection on the computers belonging to people who routinely dealt with financial transactions and huge sums-of-money, ISC added.

Given that, Daniel Wesemann, incident handler at SANS advised organizations to ensure their payroll and Human Resource Development staffs were reiterated about not clicking certain web-links as they were the foremost defense of any organization, published Itnews.com.au dated August 6, 2012.

Moreover, ADP clients must check e-mail logs for perceiving how phishing e-mails were different from genuine e-mails, Wesemann stated.

Overall, the expert recommended end-users to remove their JRE.

Related article: Phishers Are Now Pharming for Greener Pastures

» SPAMfighter News - 8/13/2012