Zeus Goes after Cloud Providers

Friday, June 13, 2014 @ 05:06 PM gHale

The Zeus RAT is moving beyond the banking environment, where it normally sees action, and into the cloud.

A new threat advisory from researchers at the Prolexic Security Engineering and Response Team (PLXSert) outlines new payloads from the Zeus toolkit.

In addition to the data theft and financial fraud for which Zeus is famous, PLXSert found the kit used in crypto-currency mining, spam, distributed denial-of-service (DDoS) attacks, and attacks customized for specific PaaS and SaaS infrastructure.

“Although Zeus/Gameover version reportedly introduced DDoS capabilities, PLXSert has no evidence that the Zeus framework kit can orchestrate significant DDoS campaigns by itself, but if combined with other DDoS toolkits, the capabilities of the Zeus framework would enable malicious actors to use it as a powerful DDoS botnet builder,” the report said.

PLXSert has already seen Zeus used in tandem with popular DDoS kits, including Drive, a variant of Dirt Jumper. The researchers have also seen attackers targeting cloud-based applications through PaaS (Platform as a Service) and SaaS (Software as a Service) infrastructures. They said “well-known SaaS/PaaS vendors” have been a target of attacks, but they do not name those vendors.

“By targeting SaaS/PaaS,” the report reads, “cybercriminals take advantage of the resources of both the end users and the providers. The providers’ defense technologies allow the attackers the advantage of gaining anonymity behind the providers’ cloud-based infrastructure.”
