Feeds

New ZeuS-based Trojan leeches cash from cloud-based payrolls

Adds phishing mules to employee roster

Security for virtualized datacentres

Cybercrooks have forged a ZeuS-based Trojan that targets cloud-based payroll service providers.

ZeuS, a favourite tool for financially motivated cybercrooks, has provided a straightforward way to harvest online banking credentials for years. A new attack, detected by transaction security firm Trusteer, shows that crooks are going up the food chain.

Trusteer researchers have captured a ZeuS configuration that targets Ceridian, a Canadian human resources and payroll services provider. The ZeuS-based Trojan works by capturing a screenshot of the payroll services web page when a malware-infected PC is used to visit the site. This information is uploaded, allowing crooks to obtain the user ID, password, company number and the icon selected by the user for the image-based authentication system – enough information to siphon funds from compromised accounts into those controlled by money mules, as explained in a blog post here.

Trusteer reckons crooks are targeting the small cloud service provider in order to get around the tougher problem of how to bypass industrial strength security controls that are typically maintained by larger businesses. Cloud services can be accessed using unmanaged devices that are typically less secure and more vulnerable to infection by ZeuS-style financial malware.

The financial losses associated with this type of attack are potentially huge. For example, last August cyberthieves reportedly stole $217,000 from the Metropolitan Entertainment & Convention Authority (MECA) after compromising its payroll system and adding money mules as employees. A MECA worker reportedly fell for a phishing email that allowed crooks to steal access credentials to the organisation's payroll system.

Hitting payroll providers is certainly far more lucrative than targeting individual consumers, according to Trusteer, which predicts a growth in this type of attack as a result. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
It's Big, it's Blue... it's simply FABLESS! IBM's chip-free future
Or why the reversal of globalisation ain't gonna 'appen
IBM storage revenues sink: 'We are disappointed,' says CEO
Time to put the storage biz up for sale?
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Microsoft and Dell’s cloud in a box: Instant Azure for the data centre
A less painful way to run Microsoft’s private cloud
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.