There is a new threat on the loose called “Skeleton Key” malware, and it has the ability to bypass network authentication on Active Directory systems.
Skeleton Key allows attackers to bypass authentication on Active Directory domains that rely on single-factor authentication. Many organizations still depend on passwords alone for security, and Skeleton Key counts on exactly that. The malware lets attackers log in as any domain user with a password of their own choosing, while each user's real password keeps working as before.
Skeleton Key was discovered on a network that used single-factor authentication (passwords) for access to email and VPN services. The malware was deployed as an in-memory patch to the authentication process on a domain controller. That patch gave the attackers access to the remote-access services while legitimate users carried on as normal, unaware of the breach.
Skeleton Key does not replace the initial break-in: to deploy it, the attackers must already hold administrative access to the domain controller. What it changes is what happens afterwards. Instead of creating new accounts or resetting passwords, actions that leave traces and raise red flags, the attackers can pose as any existing user without alerting anyone.
What can a hacker do with skeleton key malware?
The consequences can be serious for any organization. An attacker can pose as an HR director or accounts manager and access the personal data of employees, clients and partners, or pose as a CFO and read email, financial data and much more information that could damage the organization. Organizations must remember that today's attackers are after information, and a working password for every account is the most direct route to it.
How do you protect your organization from skeleton key malware?
As security experts continue to investigate the malware, some inroads have already been made into how Skeleton Key operates. One weakness is that it does not persist: the patch lives only in the domain controller's memory and must be redeployed every time the domain controller is restarted. The known samples are also only compatible with 64-bit versions of Windows.
One advantage Skeleton Key has over IT support teams is that it generates no network traffic of its own, which makes it difficult to detect with intrusion detection and prevention systems (IDPS). Many IT consultants have noticed that domain replication problems can be a symptom of a Skeleton Key infection. A reboot of the domain controller clears the patch from memory, but it does not remove the attackers, who still hold the administrative credentials they used to deploy it and can simply deploy it again; treat a suspected infection as an incident, and consider capturing the domain controller's memory for analysis before rebooting.
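The two indicators above, a patch that only survives since the last reboot and replication failures, can be checked across every domain controller from an administrative workstation. The following PowerShell script is an added example for this article, not code from the original page or from the malware's analysts; it assumes a domain-joined workstation with the RSAT ActiveDirectory module, administrative rights on the domain controllers, and a 24-hour lookback window for replication failures (the window and the function name are this example's own choices).

```powershell
# Added example (not from the original article): per-domain-controller triage for
# the Skeleton Key indicators discussed above. Assumes RSAT ActiveDirectory module
# and admin rights on each DC; $LookbackHours and the function name are assumptions.
Import-Module ActiveDirectory

function Get-SkeletonKeyTriage {
    [CmdletBinding()]
    param(
        # Replication failures first seen within this window are counted.
        [int]$LookbackHours = 24
    )

    $since = (Get-Date).AddHours(-$LookbackHours)

    foreach ($dc in Get-ADDomainController -Filter *) {
        # Last boot time matters because the patch is in-memory only: anything
        # injected before this timestamp is gone, anything after it may still be live.
        $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $dc.HostName
        $lastBoot = $os.LastBootUpTime

        # Replication failures are the symptom the article describes; collect the
        # recent ones and the partners involved so an admin knows where to look.
        $failures = @(Get-ADReplicationFailure -Target $dc.HostName -ErrorAction SilentlyContinue |
            Where-Object { $_.FirstFailureTime -gt $since })

        [pscustomobject]@{
            DomainController   = $dc.HostName
            # Known samples only run on 64-bit Windows, so 32-bit DCs are lower priority.
            Is64Bit            = ($os.OSArchitecture -like '64*')
            LastBoot           = $lastBoot
            UptimeDays         = [math]::Round(((Get-Date) - $lastBoot).TotalDays, 1)
            RecentReplFailures = $failures.Count
            FailingPartners    = (($failures | ForEach-Object { $_.Partner } | Sort-Object -Unique) -join ', ')
        }
    }
}

# Long-running 64-bit DCs with fresh replication failures float to the top of the list.
Get-SkeletonKeyTriage |
    Sort-Object -Property RecentReplFailures, UptimeDays -Descending |
    Format-Table -AutoSize
```

The output is a starting point for investigation, not proof of infection: replication can fail for many ordinary reasons, and a clean report only says that neither indicator is currently visible. A domain controller that shows both a long uptime and new replication failures is the one to image and examine first.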
To keep Skeleton Key from giving attackers silent access to your network, your organization should consider multi-factor authentication for remote-access services such as email and VPN. The malware subverts only the password check, so a second factor that the domain controller's patched password logic cannot supply keeps the attackers out even while the patch is running. Because the patch can only be deployed with administrative access to a domain controller, protecting and monitoring those privileged credentials matters just as much.