Enterprise IT Watch Blog

Apr 12 2012   8:40AM GMT

Watch out! New Trojan attacking payroll services

Michael Tidmarsh Michael Tidmarsh Profile: Michael Tidmarsh

Cybercriminals are on the attack as they have set their sights on a new target: cloud-based payroll service providers.

According to the security firm Trusteer, they have come across a Zeus malware configuration that targets Ceridian, a payroll service provider.

Trusteer’s chief technology officer Amit Klien explains in a blog post how the Trojan is attacking these cloud service providers.

“Zeus captures a screenshot of a Ceridian payroll services webpage when a corporate user whose machine is infected with the Trojan visits this site.  This allows Zeus to steal the user id, password, company number and the icon selected by the user for the image-based authentication system,” he said.

“These attacks are designed to route funds to criminals, and bypass industrial strength security controls maintained by larger businesses,” Klien said.

Ceridian released a statement emphasizing that no security breach on its own servers had occurred and that the vulnerability targets customers’ computers and targets a wide range of SaaS services.

“Ceridian has not experienced a security breach as implied by this article,” Donna Teggart, Ceridian’s director of communications wrote in a statement. “A Zeus infection happens at the customer computer location and will capture all the user’s keystrokes, regardless of the application they are logging into.  Ceridian encourages all individuals and organizations to ensure they are protecting their computers and networks from all threats and virus attacks such as this.”

This could only be the beginning as Trusteer reports cybercriminals are attacking small cloud-based providers to create easier ways to attack larger businesses.

Going forward, this type of threat could continue to grow with substantial potential losses. According to a published report, cybercriminals stole $217,000 from the Metropolitan Entertainment & Convention Authority by accessing their payroll system and adding fake employees to MECA’s payroll system.

Trusteer believes cyberactivity will continue as hackers realize it’s more lucrative to attack payroll systems than individual consumers.

“Targeting payroll systems enables attackers to enterprise to siphon much larger amounts of money than by targeting individual consumers,” Klien said.

Michael Tidmarsh is the Assistant Community Editor for ITKnowledgeExchange.com. He can be reached at Mtidmarsh@techtarget.com. Image by Trusteer.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: