IT Security News and Opinion
Saturday May 18th 2013
Auto Discovery Webinar

Malware-driven Evolution of Ransomware Highlights Need to Raise Security Game

Last week’s story about the merging of the Citadel trojan with the Reveton ransomware grabbed my attention. This use of multiple attack vectors by cybercriminals is almost certainly the result of successes by law enforcement in the ongoing battle against online crime.

The takedowns of botnet servers and Web domain names this year by Microsoft and several law enforcement agencies around the world has undoubtedly affected the income streams of cybercriminal gangs, with predictable results.

The attack code seen in this latest malware attempts to find common credentials to superuser accounts – where the same privileged password is used on every machine. It remains persistent over time and overrides normal automatic password change protocols. The net effect of this attack methodology is that the compromise of just one system can lead to a general compromise of most – or all – critical systems silently.

The best defense against such an attack is a properly implemented privileged identity management solution that can randomize the passwords on a continuous basis, and provide time-limited access to sensitive credentials. Using a workflow approvals mechanism prior to granting access to sensitive systems further reduces the value of these malware solutions to cybercriminals.

Since few companies use privileged identity management technology, many organizations may suffer from this new generation of malware, with little being achieved through traditional security measures – such as educating users or utilizing anti-virus and anti-malware products.

Once the new malware slips in, it is effectively curtains for corporate security. Even though  ransomware itself has been around since the late 1980s, the technique is still pretty much the same today, involving the locking up and/or denying access to computer files until a “ransom” payment is made.

Adding the Citadel trojan to the mix is a value-add for the cybercriminals as the malware attempts to steal user credentials – regardless of whether the victim puts up the illegal ransom payment. And if those credentials include an admin account, then the company is in potentially very serous trouble.

This is where privileged identity management comes into its own because, even if a user account were to be compromised, the degree of remote access by cybercriminals can be severely limited.

The bottom line is that organizations need to start raising their security game through the use of additional layers of technology.

What are your thoughts on this attack vector? Leave a comment below. You can also connect with me on LinkedIn or follow my company on Twitter.

FacebookTwitterLinkedInDeliciousTechnorati FavoritesDiggBlogger PostGoogle ReaderShare
Post Published: 11 May 2012
Author: Philip Lieberman
Found in section: Emerging Threats, Latest IT News, Security Best Practices

Tags: , , ,

Previous Topic:
Next Topic:

Leave a Reply


+ 8 = ten

Follow Us

    Follow us on Twitter            Follow us on LinkedIn

  Visit our YouTube Page              Identity Week RSS Feed
Visit the Lieberman Software Website

Archives

Recent Comments

Tags

Administrator Password Application-to-Application Credentials Application Security Cloud Computing Cloud Security CSO cyber-attacks cyber attack Cyber Security data breach Data Breaches Datacenter Security Data Security default password disaster recovery enterprise security Governance Risk and Compliance hacktivism Identity Management insider threat Insider Threats Internet security IT Audit IT Auditing Compliance Reports IT Marketplace IT Outsourcing IT security IT Security Threats online privacy Password Security PCI-DSS Compliance privileged account credentials privileged account management privileged accounts Privileged Identities privileged identity management regulatory compliance RSA Securing Legacy Applications Security Management SIEM smart card smartphone security stolen credit card Stuxnet