Wednesday, January 14, 2015
'Skeleton Key' malware unlocks corporate networks
The Dell SecureWorks Counter Threat Unit (CTU) team published their findings in an advisory notice this week.
According to the security researchers, the "Skeleton Key" malware allows cybercriminals to bypass Active Directory (AD) systems that implement only single-factor authentication -- in other words, systems that rely on passwords alone for security. The team says that hackers can use a password of their choosing to authenticate as any user -- before diving into the network and doing as they please.
Skeleton Key was discovered on a client's network that uses passwords for access to email and VPN services. Once deployed as an in-memory patch on the network's AD domain controller, the malware gave the cybercriminals unfettered access to remote access services. Meanwhile, legitimate users were able to carry on as normal -- blissfully unaware of the malware's presence or of the impersonation.
"Skeleton Key's authentication bypass also allows threat actors with physical access to log in and unlock systems that authenticate users against the compromised AD domain controllers," CTU researchers say.