Despite a multi-nation crackdown on Gameover Zeus last week, Akamai has warned that new variants of Zeus crimeware kit are still in the wild, which could target Fortune 500 enterprises.
Last week, a multi-nation operation led by the US has disrupted Gameover Zeus, a two-year-old botnet which infected between 500,000 and 1 million computers across the globe.
The advisory from Prolexic Security Engineering & Response Team (PLXsert), a unit of Akamai, has warned that malicious actors may use the Zeus crimeware kit to steal login details and hack into web-based enterprise applications or online banking accounts.
Main intention of the Zeus crimeware kit is to infect and control as many hosts as possible to steal sensitive information which usually ends up in identity theft and fraud.
Akamai Security Business Unit senior vice president and general manager Stuart Scholly said the Zeus framework is a powerhouse crimeware kit that enterprises need to know about to better defend against it.
"It’s hard to detect, easy to use, and flexible – and it’s being used to breach enterprises across multiple industries," Scholly said.
The malware kit can help malicious actors steal login details from an infected device, including usernames and passwords which are entered through browsers.
It can allow malicious actors to add more fields to a web form in a legitimate website, to gather additional info from users, including banking pin.
Hackers can also take a screenshot of users’ machines remotely at any time, the researchers added.
The advisory warned that Platform-as-a-service (PaaS) and software-as-a-service (SaaS) vendors can be targeted by the crimeware which may lead to loss of confidential customer information, trade secrets, data integrity and reputation among others.
The new strain of Zeus malware can be unknowingly downloaded by employees, customers and business partners into their enterprise devices which could leave them at the risk of being compromised.
If employees subsequently login from the infected devices through the web, they may end up unknowingly providing confidential information to hackers.
"Zeus is insidious, even in the most secure environments," Scholly added.
"Users are tricked into running programs that infect their devices, so strict enforcement of organizational security policies and user education can help."
"Enterprises are encouraged to develop a rigorous website security profile that includes a web application firewall. This approach can disrupt Zeus communication patterns and help prevent data breaches and file scanning attempts."
