Below is a media alert from Trusteer, whose researchers have discovered a Zeus attack that targets cloud payroll service providers.
In this attack, when a corporate user whose machine is infected with the Trojan visits the payroll service's web page, Zeus captures a screenshot of that page. This allows Zeus to steal the user ID, password, company number and the icon selected by the user for the image-based authentication system.
These attacks are designed to route funds to criminals and to bypass the industrial-strength security controls maintained by larger businesses. The financial losses associated with this type of attack can be significant.
Trusteer expects to see increased cybercriminal activity using this type of fraud scheme for the following reasons:
- Targeting enterprise payroll systems enables attackers to siphon much larger amounts of money than by targeting individual consumers.
- By stealing login credentials belonging to enterprise users of these payroll services, fraudsters have everything they need to route payments to money mules before raising any red flags.
- By targeting a cloud service provider, the criminals bypass the tight security mechanisms that medium to large enterprises typically employ.
- Cloud services can be accessed using unmanaged devices that are typically less secure and more vulnerable to infection by financial malware (e.g. Zeus).