PLXsert warns Fortune 500 companies of evolving Zeus threat

The Zeus crimeware kit is being used to target SaaS and PaaS infrastructure.

After observing several related attacks throughout the past year against Fortune 500 companies, Akamai's Prolexic Security Engineering & Response Team (PLXsert) issued an advisory on Tuesday warning of an evolving, high-risk Zeus crimeware kit threat.

Zeus is still being used for its initial purposes – as a remote harvester of data, such as financial information – but has transformed over time to enable distributed denial-of-service attacks, cryptocurrency mining, and spam delivery, according to the advisory.

The infamous trojan is also being used to orchestrate customized attacks against cloud-based applications through platform-as-a-service (PaaS) and software-as-a-service (SaaS) infrastructures, which have been prime targets for attackers dating back to the second quarter of 2013, David Fernandez, head of PLXsert, told SCMagazine.com in a Thursday email correspondence.

“The main infection vectors are drive-by downloads and phishing campaigns, where users are misled to click and execute malicious code,” Fernandez said, explaining multiple attacker groups are at work here. “Leaked source code enables any actor to utilize this kit.”

Earlier this month, the Federal Bureau of Investigation and the U.S. Department of Justice announced a multinational effort that resulted in disruption of the Gameover botnet, a variant of Zeus believed to have been used to steal millions of dollars around the world.

The recent takedown of Gameover Zeus “certainly helps, but unfortunately does not eliminate the threat,” Fernandez said. “Universal clean-up efforts by organizations and security awareness training for all employees can drastically reduce this threat.”
