

Ceridian login screen example

Source: Trusteer

Users of cloud-based payroll systems are being targeted by Zeus-based trojans, according to a report by Trusteer. The security specialist says that it came across a Zeus trojan configured to capture a screenshot of the login screen of Ceridian, a Canadian payroll and HR services provider. The login screen contains a "security image" and company number, both of which are captured in the screenshot. Together with the user ID and password, which are traditionally captured by keylogging, they give the attackers full credentials for the payroll service.

Trusteer gave an example of an attack last August where $217,000 was stolen through the payroll system of the Metropolitan Entertainment and Convention Authority (MECA), though according to a report on that attack, $147,000 was taken in a single unauthorised wire transfer which was later reversed. Final losses still amounted to $70,000, which was funneled through fake "work-at-home" schemes that use participants as money mules. That attack also took place in Omaha, not Canada, did not involve Ceridian payroll services, and was made easier by MECA's refusal to use the security options offered by its bank, First National Bank of Omaha.

Trusteer does believe, though, that attacks targeting payroll and other enterprise-level financial services will increase, because they let criminals steal larger amounts than they could take from an individual and give the attacker credentials that can be used to route payments to money mules before any red flags are raised.

(djwm)