14 DAY TRIAL // Security experts have identified a clever attack that has targeted the employees of a major international airport. The operation is relying on the Citadel Trojan to steal virtual private network (VPN) login credentials that can be later used to access internal applications.
VPNs are often used by organizations to ensure that their staffers can securely sign in to the internal systems. However, as Trusteer’s CTO Amit Klein highlights, the credentials utilized to log on to VPNs can be highly valuable to cybercriminals.
The airport, government authorities and all other involved parties have been notified of the attack and immediate measures have been taken to prevent incidents.
So, how do these attacks work?
It starts with a form grabbing mechanism that harvests the username and password entered by the victim. However, the airport uses an extra authentication solution that provides the customer with a one-time PIN via SMS (dual channel), or a 10-digit CAPTCHA displayed on the screen (single channel).
The single channel authentication is enabled if the user selects the “Get Image” option when logging in. The CAPTCHA appears and the customer must map the original password to the characters in the image to create a one-time code.
“This security measure prevents the form grabber from capturing the actual static password. This is where the screen capturing feature in Citadel kicks in,” Klein explains.
“By capturing the image, the attacker uses the permutation of digits, along with the one-time code stolen by the form grabber, to reproduce the static password.”
Unfortunately, such attacks show that even more advanced authentication solutions can be bypassed by clever malware. On the other hand, it highlights the need for strong security policies, which in many cases can protect a company against such threats.
While most of the computers owned by an organization are probably protected by antivirus products, the lack of policies that target the “bring your own device” (BYOD) trend can expose sensitive information.