A new threat advisory from Akamai Technologies, Inc.’s Prolexic Security Engineering & Response Team (PLXsert) alerts Fortune 500 enterprises to a high-risk threat of continued breaches from the Zeus framework.
Malicious actors may use the Zeus crimeware kit to steal login credentials and gain access to web-based enterprise applications or online banking accounts. The advisory is available for download at www.prolexic.com/zeus.
“The Zeus framework is a powerhouse crimeware kit that enterprises need to know about to better defend against it,” said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai. “It’s hard to detect, easy to use, and flexible – and it’s being used to breach enterprises across multiple industries.”
Responsible for recent data breaches
Malicious actors using the Zeus crimeware kit have been responsible for several recent high-profile cybersecurity breaches among Fortune 500 firms. Computers, smartphones and tablets infected with the Zeus bot (zbot) malware become agents for criminals: they take orders from a remote operator, leak user data and join a botnet that can be turned against other computer systems.
Using the kit, attackers harvest data, such as login usernames and passwords, as it is entered into a web browser on an infected device.
In addition, an attacker may insert additional fields into the display of a web form on a legitimate website to trick the user into supplying more data than the site usually requires, such as a PIN on a banking site. Because the page is altered inside the victim's browser, the address bar and the site's certificate still look genuine.
Attackers can even remotely request that the user's machine take a screenshot of the current display at any time.
All data requested by the attacker is sent back to a command-and-control panel where it can be sorted, searched, used or sold. The harvested data is likely to be used for identity theft. It could also be sold to competitors or used to publicly embarrass a firm.
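The injected-field trick described above leaves a trace a site owner can look for: the form the victim sees carries fields the site never served. As an added example, not part of the advisory or of any Akamai tooling, the script below parses a page's forms and compares the field names against the set the site is known to serve. The two HTML snippets, the form id "login" and the extra field names "pin" and "mmn" are constructed for the illustration and are not taken from any real Zeus inject.

```python
from html.parser import HTMLParser


class FormFieldParser(HTMLParser):
    """Collect the data-bearing field names inside each <form> on a page."""

    def __init__(self):
        super().__init__()
        self.forms = {}        # form id (or action) -> list of field names
        self._current = None   # id of the form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = a.get("id") or a.get("action") or f"form{len(self.forms)}"
            self.forms[self._current] = []
        elif tag in ("input", "select", "textarea") and self._current is not None:
            # Buttons carry no user data, so they are not part of the baseline.
            if (a.get("type") or "").lower() in ("submit", "button", "reset", "image"):
                return
            name = a.get("name")
            if name:
                self.forms[self._current].append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def form_fields(html):
    """Return {form id: [field names]} for every form in the HTML."""
    p = FormFieldParser()
    p.feed(html)
    return p.forms


def unexpected_fields(html, expected):
    """Return {form id: [fields not in the site's declared set]} for forms that deviate.

    `expected` maps form id -> set of field names the site actually serves;
    anything else in the rendered page was added on the client side.
    """
    found = form_fields(html)
    report = {}
    for fid, names in found.items():
        extra = [n for n in names if n not in expected.get(fid, set())]
        if extra:
            report[fid] = extra
    return report


# Constructed sample: the login form as the site serves it ...
LEGIT_LOGIN = """
<form id="login" action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Sign in">
</form>
"""

# ... and the same form after a hypothetical in-browser inject has added
# an ATM PIN and a "mother's maiden name" field the site never asks for.
INJECTED_LOGIN = """
<form id="login" action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <label>ATM PIN (security check)</label><input type="password" name="pin">
  <label>Mother's maiden name</label><input type="text" name="mmn">
  <input type="submit" value="Sign in">
</form>
"""

# The baseline is derived from the page the site knows it served.
EXPECTED = {fid: set(names) for fid, names in form_fields(LEGIT_LOGIN).items()}

if __name__ == "__main__":
    print("clean page  :", unexpected_fields(LEGIT_LOGIN, EXPECTED))
    print("injected page:", unexpected_fields(INJECTED_LOGIN, EXPECTED))
```

The same comparison can be run on the server against the parameter names of an incoming POST: a login request carrying "pin" when the served form has only "username" and "password" is worth an alert, whichever way the extra field got there.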
Stealing enterprise access and trade secrets
Many enterprise applications and cloud-based services are accessible from the web. Platform-as-a-service (PaaS) and software-as-a-service (SaaS) vendors are at risk of being victimized and may face the loss of confidential customer information, trade secrets, data integrity, reputation and more.
Employees, customers and business partners may unintentionally download the Zeus malware onto their enterprise computers or personal devices. When they subsequently log in to a web application from that device, they may inadvertently hand confidential information to malicious actors.
With so many devices already infected, attackers can mine the harvested data for credentials to specific web-based applications or services, pooling information from a large number of users to target a single site.
Anti-virus software may not detect Zeus malware
The Zeus framework has been used to spread malware and gather information for many years. Its ignoble success is due in large part to its extreme stealth: files are hidden, content is obfuscated, local firewalls are disabled, and command-and-control communication can be spread across many hosts rather than a single server.
A Zeus tracking organization estimates that the antivirus detection rate for Zeus is only 39.5 percent, so even devices with anti-virus software installed may be infected.