Cloud-based payroll providers warned of new malware risk

News 12 Apr, 2012

Trusteer tells online payroll providers to step up security in wake of emerging malware threat.

Online payroll providers are being told to tighten up their login procedures, following the discovery of a new malware threat by Trusteer.

The security vendor has uncovered a Zeus that targets cloud-based payroll providers, and fears it could be used by cybercriminals to steal large sums of money from companies that use online services.

Trusteer researchers have pinpointed a version of this malware that targets users of Canada-based payroll provider Ceridian, allowing hackers to infiltrate the service.

Targeting payroll systems enables attackers to siphon much larger amounts of money than by targeting individual consumers

The Zeus captures a screenshot of the Ceridian login page when a user infected with the Trojan visits the site. This image records the employee’s username, password, company number and the icon needed to bypass the firm’s image-based authentication system.

In a blog post, highlighting users to the scam, Trusteer said the financial losses associated with this type of attack are significant, as cybercriminals could use it to add fictitious employees to payroll systems and siphon off funds.

“Targeting enterprise payroll systems enables attackers to siphon much larger amounts of money than by targeting individual consumers,” stated the blog.

“[Also] using these valid credentials, fraudsters can also access personal, corporate and financial data without the need to hack into systems, while leaving very little evidence that malicious access is occurring.”

Speaking to IT Pro, Oren Kedem, director of product marketing at Trusteer, said the vendor’s findings should prompt payroll providers to review how they protect customer data.

“They should look at following the example of online banks and the login procedures they have in place. Payroll providers need a similar class of protection,” said Kadem.

“They require many layers of protection that covers them on the client and server side, as well as an additional form of authentication to reduce the risk of attack.”

Steven Malone, chief technology officer at IT security firm Metadigm, said, as cloud adoption grows, service providers will find themselves at greater risk from cybercriminals.

“As organisations and consumers continue to move to the cloud, the attention of malware authors will be firmly focused on the growing number of cloud providers,” Malone told IT Pro.

“Security holes of this kind can affect multiple customers in one attack, which is why it is vital that businesses choose a technology partner who can provide expertise and guidance to protect [customer] goodwill and reputations," he added.