The recent data breach suffered by Global Payments gave new perspective to the risks associated with the increased digitization of financial transactions. Although that incident was an isolated occurrence, Internet security researchers have now discovered a variant of the Zeus Trojan virus that could cause chaos in the financial services sector.
Analysts from Trusteer were first to alert the cybersecurity community to this emerging threat. In a company blog post from Amit Klein last week, it was revealed that a recent attack weathered by a Canadian human resources and payroll services provider displayed the hallmarks of a new strain of malware that appears to be specifically designed to target cloud-based payroll systems.
Essentially, the virus takes a screenshot on infected machines to capture a user's credentials during the login process to the company's website. This sends screen names, passwords, company account numbers and the icon used for image-based authentication directly into the hands of cybercriminals.
Klein elaborated upon a case study from late last year in which cybercriminals stole more than $200,000 from a single company over several months. With login credentials in hand, fraudsters were able to create fictitious employees in the firm's databases and collect their illegal royalties. Given this track record of unabated success, data security analysts feared that this could be the start of a popular trend in the hacking community.
"By stealing the login credentials belonging to enterprise users of these payroll services, fraudsters have everything they need to route payments to money mules before raising any red flags," Klein noted. "Using these valid credentials, fraudsters can also access personal, corporate and financial data without the need to hack into systems, while leaving very little evidence that malicious access is occurring."
This strategy also takes advantage of the fact that cloud services providers typically do not have data protection measures comparable to those often seen guarding on-premise corporate databases. According to Klein, the relative youth of mobile security is also compounding the dangers, as cloud-based systems enable users to access data through personal smartphones and tablets that have proven increasingly susceptible to malware in recent months.
At this time, Trusteer has suggested that antivirus tools may be inadequate forms of defense considering the robust reconnaissance capabilities displayed by Zeus variants that help uncover zero-day exploits. In the meantime, corporate finance officers would be advised to restrict database access to in-house computers while Internet security teams find ways to thwart malware and reliably lock down all endpoints.
Data Security News from SimplySecurity.com by Trend Micro