New variant of Zeus targets logins for cloud-based systems

A new variation of the Zeus banking Trojan has been detected, targeting users of cloud-based billing companies.

Researchers at Trusteer said that the new variant of the data-stealing malware affects customers of cloud billing service providers such as Ceridian, a Canadian human resources and payroll firm.

Trusteer's Amit Klein said: “These attacks are designed to route funds to criminals, and bypass industrial-strength security controls maintained by larger businesses. In the attack on Ceridian, Zeus captures a screenshot of a Ceridian payroll services web page when a corporate user (whose machine is infected with the Trojan) visits this website. This allows Zeus to steal the user ID, password, company number and the icon selected by the user for the image-based authentication system.”

Trusteer claimed that this type of attack saw the Metropolitan Entertainment & Convention Authority lose $217,000 last year after an employee was targeted by a phishing email and infected with malware that stole access credentials to the organisation's payroll system.

Trusteer said this type of attack would become more prevalent because targeting enterprise payroll systems allows an attacker to gain more money than targeting an individual. It would also not raise many red flags, as valid login credentials are used. And because a cloud service provider is targeted, the enterprise customers who use the service have no control over the vendor's IT systems and thus little ability to protect their back-end financial assets.

It also said that cloud services can be accessed using unmanaged devices that are typically less secure and more vulnerable to infection by financial malware, such as Zeus.

Yishay Yovel, vice-president of marketing at Trusteer, told SC Magazine US that this is an attempt to go into different fields as enterprises are trending toward the cloud for their services.

However, he said that blame should not be put on the service providers: “The user systems are compromised, not the banks or the cloud services. Ultimately, financial fraud occurs.”

Last month, Microsoft was able to disrupt command and control servers used by Zeus, but there were warnings that the threat had not gone away altogether.

There were also suggestions this week that the creator of the SpyEye Trojan had died recently; a tweet by internet security research firm Team Cymru said the co-author of the malware 'Krabz' had died of an overdose three weeks ago. It was rumoured that Zeus and SpyEye had merged in 2010.
