Dell researchers have discovered new malware, dubbed Skeleton Key, which can bypass the authentication process on Active Directory (AD) systems.
The research, published this week by the Dell SecureWorks Counter Threat Unit (CTU) team, identifies Skeleton Key as a tool that lets hackers find a way around single-factor authentication on AD systems - in other words, systems that rely on passwords alone for security.
The research team says that hackers can use a password of their choosing to authenticate as any user -- before diving into the network and doing as they please.
Skeleton Key was discovered on a client's network which uses passwords for access to email and VPN services. The malware, once deployed as an in-memory patch on a system's AD domain controller, gave the cybercriminals unfettered access to remote access services. However, legitimate users were able to carry on as normal -- blissfully unaware of the malware's presence or impersonation.
"Skeleton Key's authentication bypass also allows threat actors with physical access to login and unlock systems that authenticate users against the compromised AD domain controllers," CTU researchers said.
So, while an attacker already needs admin access to the network, they can pose as any user without alerting others or restricting the access of legitimate users.
However, the malware's drawback is that it must be redeployed every time the domain controller is started in order to operate. Skeleton Key is also believed to be compatible only with 64-bit Windows versions.
"Between eight hours and eight days of a restart, threat actors used other remote access malware already deployed on the victim's network to redeploy Skeleton Key on the domain controllers," the security team says.
According to ZDNet, the malware does not transmit network traffic, so it may be more difficult for IDS/IPS systems to detect -- although it has been implicated in domain replication issues that may indicate an infection. In these cases, a reboot is required to resolve the issue. To prevent the malware from affecting your network, multi-factor authentication is the best way forward.