The evil banking Zeus Trojan is fighting dirty. No, it's not slinging sand at the local playground. It's the world of online corporate payroll. Canadian payroll giant Ceridian is the latest victim of Zeus, and this attack on a hosted service represents new territory for this incredibly clever piece of malware. Once pitched as safer than an on-premises network, the cloud has now become an ideal target for cybercrime.
Once a machine is infected with the Trojan, it grabs a screenshot of the payroll page during log-in. Because it captures the screen rather than just keystrokes, the Trojan steals the user ID, password, company number, and even the icon used for image-based authentication, the very control meant to defeat keyloggers. So what's the big deal? Are they out to steal your hard-earned paycheck? Not exactly.
The big threat is the cybercriminal’s ability to add fake employees to the payroll and siphon out heaps of money from unsuspecting corporations. The financial losses can add up to astounding numbers in the blink of an eye. Take the recent Olaniyi Jones case. He’s wanted in the US for a conspiracy to steal $3.2 million from payroll companies and banks.
The case bears remarkable similarities to the Ceridian attack. ADP and Intuit offered clients the ability to manage payroll in the cloud, and in January 2010 the six-person Olaniyi gang gained unauthorized access to those accounts. Because they held valid credentials, they were able to add phony employees to the payroll accounts and transfer out piles of money, and to the service every step looked like an ordinary payroll change.
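The fraud pattern in both cases is the same: a stolen-credential login creates employees who never existed, and the next pay run sends them money. That sequence is visible in a payroll account's own audit trail, so here is an added example, not code from the original post or from any payroll vendor, that flags it. The event records, field names, addresses and amounts below are all constructed for illustration and do not follow any real product's schema; the two heuristics are an employee being paid shortly after creation, and the creating session coming from an address the account has never used before.

```python
"""Flag likely ghost-employee payroll fraud in an account's audit trail.

Added example: constructed events and assumed field names, not any
vendor's format. Two heuristics taken from the attack pattern:
  1. an employee record is created and paid within a short window
  2. the session that created it came from an unfamiliar address
"""
from datetime import datetime, timedelta

# Constructed sample audit log for one hypothetical payroll account.
SAMPLE_EVENTS = [
    {"ts": "2010-01-04T09:02:00", "actor": "payroll_admin", "src_ip": "198.51.100.7", "event": "login"},
    {"ts": "2010-01-04T09:10:00", "actor": "payroll_admin", "src_ip": "198.51.100.7", "event": "pay_run",
     "employee_id": "E1001", "amount": 2450.00},
    {"ts": "2010-01-11T09:01:00", "actor": "payroll_admin", "src_ip": "198.51.100.7", "event": "login"},
    # Late-night login from a new address, followed by two new "employees".
    {"ts": "2010-01-13T23:41:00", "actor": "payroll_admin", "src_ip": "203.0.113.55", "event": "login"},
    {"ts": "2010-01-13T23:44:00", "actor": "payroll_admin", "src_ip": "203.0.113.55", "event": "employee_create",
     "employee_id": "E9001"},
    {"ts": "2010-01-13T23:46:00", "actor": "payroll_admin", "src_ip": "203.0.113.55", "event": "employee_create",
     "employee_id": "E9002"},
    {"ts": "2010-01-15T08:00:00", "actor": "payroll_admin", "src_ip": "203.0.113.55", "event": "login"},
    {"ts": "2010-01-15T08:05:00", "actor": "payroll_admin", "src_ip": "203.0.113.55", "event": "pay_run",
     "employee_id": "E9001", "amount": 9800.00},
    {"ts": "2010-01-15T08:05:30", "actor": "payroll_admin", "src_ip": "203.0.113.55", "event": "pay_run",
     "employee_id": "E9002", "amount": 9750.00},
    {"ts": "2010-01-15T08:06:00", "actor": "payroll_admin", "src_ip": "203.0.113.55", "event": "pay_run",
     "employee_id": "E1001", "amount": 2450.00},
]

# Assumed baseline: addresses each actor is known to log in from.
KNOWN_IPS = {"payroll_admin": {"198.51.100.7"}}


def find_ghost_employees(events, known_ips, max_days=14):
    """Return one alert per employee first paid within max_days of creation.

    Each alert lists why it fired: the short create-to-pay gap always, plus
    an unfamiliar source address when the creating session used one.
    """
    created = {}  # employee_id -> (create_time, actor, src_ip)
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        t = datetime.fromisoformat(e["ts"])
        if e["event"] == "employee_create":
            created[e["employee_id"]] = (t, e["actor"], e["src_ip"])
        elif e["event"] == "pay_run" and e["employee_id"] in created:
            # Only the first payment after creation is judged.
            ctime, actor, ip = created.pop(e["employee_id"])
            age = t - ctime
            if age <= timedelta(days=max_days):
                reasons = [f"paid {age.days} day(s) after creation"]
                if ip not in known_ips.get(actor, set()):
                    reasons.append(f"created from unfamiliar address {ip}")
                alerts.append({"employee_id": e["employee_id"], "actor": actor,
                               "amount": e["amount"], "reasons": reasons})
    return alerts


def flagged_total(alerts):
    """Sum of payments to flagged employees: the money at risk if unchecked."""
    return sum(a["amount"] for a in alerts)


if __name__ == "__main__":
    found = find_ghost_employees(SAMPLE_EVENTS, KNOWN_IPS)
    for a in found:
        print(a["employee_id"], a["amount"], "; ".join(a["reasons"]))
    print("total flagged:", flagged_total(found))
```

On the constructed log this flags E9001 and E9002 and nothing else; the long-standing employee E1001 is paid in the same run but was never created inside the window. The window and the address baseline are the knobs a payroll operator would tune, and the address check matters because, as the post notes, the criminal is using a perfectly valid login and nothing else about the session is wrong.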
Online financial fraud is nothing new, but this type of attack is particularly interesting for a few reasons. Firstly, stealing legitimate login credentials allows criminals to carry out theft stealthily with little evidence, since every action is performed by what looks like an authorized user, while also giving them access to gobs of other financial data, including both corporate and personal banking info. And then there's the fact that targeting large corporations opens the door to large pots of money.
Lastly, there's the twist on security. Sure, moving payroll to the cloud means your own servers are no longer the thing being hacked. But the machine your staff log in from still is, as the Ceridian infection shows, and the service itself is now managed by another company whose security measures may be in question. And there's an added risk if your employees access the cloud from their local Starbucks over free Wi-Fi: who knows who is shoulder surfing, or quietly sniffing the open network, over their extra-hot-no-foam-venti-caramel-macchiato?