After observing several related attacks throughout the past year against Fortune 500 companies, Akamai's Prolexic Security Engineering & Response Team (PLXsert) issued an advisory on Tuesday warning of an evolving, high-risk Zeus crimeware kit threat.
Zeus is still being used for its initial purposes – as a remote harvester of data, such as financial information – but has transformed over time to enable distributed denial-of-service attacks, cryptocurrency mining, and spam delivery, according to the advisory.
The infamous trojan is also being used to orchestrate customized attacks against cloud-based applications through platform-as-a-service (PaaS) and software-as-a-service (SaaS) infrastructures, which have been prime targets for attackers dating back to the second quarter of 2013, David Fernandez, head of PLXsert, told SCMagazine.com in a Thursday email correspondence.
“The main infection vectors are drive-by downloads and phishing campaigns, where users are mislead to click and execute malicious code,” Fernandez said, explaining multiple attacker groups are at work here. “Leaked source code enables any actor to utilize this kit.”
Earlier this month, the Federal Bureau of Investigation and the U.S. Department of Justice announced a multinational effort that resulted in disruption of the Gameover botnet, a variant of Zeus believed to have been used to steal millions of dollars around the world.
The recent takedown of Gameover Zeus "certainly helps, but unfortunately does not eliminate the threat,” Fernandez said. “Universal clean-up efforts by organizations and security awareness training for all employees can drastically reduce this threat.”