Dell researchers have discovered new malware, dubbed Skeleton Key, which can bypass the authentication process on Active Directory (AD) systems.
The research, published this week by the Dell SecureWorks Counter Threat Unit (CTU) team, identifies Skeleton Key as a deceptive tool that lets hackers find a way around AD systems' single-factor authentication - in other words, systems that rely on passwords alone for security.
The research team says that hackers can use a password of their choosing to authenticate as any user -- before diving into the network and doing as they please.
Skeleton Key was discovered on a client's network which uses passwords for access to email and VPN services. The malware, once deployed as an in-memory patch on a system's AD domain controller, gave the cybercriminals unfettered access to remote access services. However, legitimate users were able to carry on as normal -- blissfully unaware of the malware's presence or impersonation.
"Skeleton Key's authentication bypass also allows threat actors with physical access to login and unlock systems that authenticate users against the compromised AD domain controllers," CTU researchers said.
So, while an attacker already needs admin access to the network, they can pose as any user without alerting others or restricting access of legitimate users.
However, the malware's drawback is that it must be redeployed every time the domain controller is started in order to keep operating. Skeleton Key is also believed to be compatible only with 64-bit Windows versions.
"Between eight hours and eight days of a restart, threat actors used other remote access malware already deployed on the victim's network to redeploy Skeleton Key on the domain controllers," the security team says.
According to ZDNet, the malware does not transmit network traffic, so it may be more difficult for network-based intrusion detection and prevention systems (IDS/IPS) to detect -- although it has been implicated in domain replication issues that may indicate an infection. In these cases, a reboot is required to resolve the issue. To prevent the malware from affecting your network, multi-factor authentication is the best way forward.