Skeleton Key Malware Targets Corporate Networks - How to, Technology and PC Security Forum | SensorsTechForum.com

Skeleton Key Malware Targets Corporate Networks

Dell researchers report a new piece of malware, dubbed Skeleton Key, which can bypass authentication on Active Directory systems.

The Dell team says that Skeleton Key allows attackers to avoid detection on AD systems that use single-factor authentication. Such systems rely only on passwords. The cyber criminals can pick any password and log in as any user in order to do whatever they please online.

Skeleton Key was first detected on a network that uses passwords to access email accounts and VPN services. Once active as an in-memory patch on the AD domain controller of the system, the malware gives the attackers unlimited access to services. The users can carry on with their activities without being aware of the malware’s presence in the system.


The researchers report that threat actors who have physical access to the infected machine can log in and unlock systems that authenticate PC users against the infected AD domain controllers.

This way the cyber crooks can pose as any user without drawing attention to their activities or restricting the legitimate users' access. The attack is anything but sophisticated, but it can be used to pose as a company's manager, an HR director, or basically anyone the attacker wants to impersonate without raising suspicion. More importantly, the crooks can take over sensitive information.

Skeleton Key does not transmit network traffic, which makes it hard for intrusion detection and prevention systems (IDS/IPS) to detect.

Skeleton Key has another weakness: it has to be redeployed each time the domain controller is started in order to keep operating. Researchers believe that the malware is compatible with 64-bit Windows versions only.

The researchers say that at some point the threat actors used other remote access malware already activated on the victim’s network to redeploy Skeleton Key on the domain controllers.
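Because the in-memory patch has to be put back after every domain controller start, the same deployment activity should recur shortly after each boot. The Python sketch below is an added example, not part of the Dell research or the original article. It assumes the redeployment is visible as a new service install on the DC (Windows event 7045) soon after a boot marker (event 6005), which the article does not state. The log format, host names and service names are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export: time, host, Windows event ID, detail.
# 6005 = event log service started (used here as the boot marker),
# 7045 = a new service was installed. Hosts and service names are made up.
SAMPLE_LOG = """\
2015-01-10T02:00:05,DC01,6005,
2015-01-10T02:07:41,DC01,7045,svc-example-a
2015-01-10T09:30:00,DC01,7045,backup-agent
2015-01-17T02:00:09,DC01,6005,
2015-01-17T02:11:02,DC01,7045,svc-example-a
2015-01-17T02:03:00,FS02,7045,svc-example-a
2015-01-24T02:00:04,DC01,6005,
2015-01-24T02:20:30,DC01,7045,patch-helper
"""

def recurring_post_boot_installs(log_text, domain_controllers,
                                 window=timedelta(minutes=30), min_boots=2):
    """Return {(host, service): [boot times]} for services installed within
    `window` of a boot on at least `min_boots` separate boots of one DC."""
    rows = sorted(
        (datetime.fromisoformat(ts), host, int(eid), detail)
        for ts, host, eid, detail in csv.reader(io.StringIO(log_text))
    )
    last_boot = {}               # host -> most recent boot time
    hits = defaultdict(set)      # (host, service) -> boots it followed
    for when, host, event_id, detail in rows:
        if host not in domain_controllers:
            continue             # only domain controllers matter here
        if event_id == 6005:
            last_boot[host] = when
        elif event_id == 7045 and host in last_boot:
            if when - last_boot[host] <= window:
                hits[(host, detail)].add(last_boot[host])
    # A one-off install after a boot is common; recurrence is the signal.
    return {key: sorted(boots) for key, boots in hits.items()
            if len(boots) >= min_boots}

if __name__ == "__main__":
    found = recurring_post_boot_installs(SAMPLE_LOG, {"DC01"})
    for (host, svc), boots in found.items():
        print(f"{host}: '{svc}' installed shortly after {len(boots)} boots")
```

Legitimate agents that reinstall themselves at startup will also match, so the output is a review list for the DC administrators rather than a verdict.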

To prevent a Skeleton Key infection, experts recommend using multi-factor authentication.


Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming of a more secure cyberspace.
