Cloud-based payroll services are targeted by cybercriminals using Zeus malware. These organisations, which offers payroll services are one of the mostly wanted by hackers, because a lot of money that can be easily stolen. Zeus attacks are intended to transfer large amounts of money to criminals and avoid any interaction from large businesses.
Cyber criminals were revealed to capture screenshots of the webpage offering payroll services from an infected PC. With a simple screen image, the user id, password, even company number and image-based authentication are revealed to cyber crooks. That leads to quite big financial loss for users.
Hackers using a similar method were able to steal $217,000 from a non profit US-based MECA organisation located in Omaha. The victim lost his credential information from this organisation’s payroll system. Unfortunately, at this day there’s no security mechanism to secure corporate users from Zeus attacks. The only way to protect from it is using targeted investigation with signature detection evasion – in this way it’s possible to acquire a foothold inside the systems of organisations.
In addition, such crimeware kits ad SpyEye, Zeus or Eleonore are offered uncountable amount of updates, which followed by an increase in systems targeted by malware. Botnet operators also use malware for getting into the payroll systems for various reasons. Attacks on Ceridian by Zeus malware is a part of this malware scheme