By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    data-driven white label SEO
    Does Data Mining Really Help with White Label SEO?
    7 Min Read
    marketing analytics for hardware vendors
    IT Hardware Startups Turn to Data Analytics for Market Research
    9 Min Read
    big data and digital signage
    The Power of Big Data and Analytics in Digital Signage
    5 Min Read
    data analytics investing
    Data Analytics Boosts ROI of Investment Trusts
    9 Min Read
    football data collection and analytics
    Unleashing Victory: How Data Collection Is Revolutionizing Football Performance Analysis!
    4 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-23 SmartData Collective. All Rights Reserved.
Reading: Attackers Find Value in the Master Key to Password Managers
Share
Notification Show More
Aa
SmartData CollectiveSmartData Collective
Aa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > Uncategorized > Attackers Find Value in the Master Key to Password Managers
Uncategorized

Attackers Find Value in the Master Key to Password Managers

thu@duosecurity.com
Last updated: 2014/12/01 at 5:00 AM
thu@duosecurity.com
4 Min Read
SHARE

A treasure trove of passwords, plus the keys to unlock multiple accounts – open-source password managers and cryptographic software client are being hit with a variant of a banking Trojan, Citadel, as reported by Threatpost.com and discovered by IBM Trusteer Researchers.

A treasure trove of passwords, plus the keys to unlock multiple accounts – open-source password managers and cryptographic software client are being hit with a variant of a banking Trojan, Citadel, as reported by Threatpost.com and discovered by IBM Trusteer Researchers.

More Read

child online safety data

Empowering Parents With Big Data: Ensuring Child Safety And Development

The Top 3 Antivirus Programs for Stopping Data Thieves in their Tracks
VPNs Are Crucial Privacy Protection Tools in the Age of Big Data
Big Data Is Fundamentally Altering the Future of File Transfer Security
The 5 Most Important Criminal DNA And Crime Data Sources

Now instead of targeting specific banking websites and gaining just one set of credentials, attackers are smartly redirecting efforts to gain access to a single application with several account credentials, including the free managers KeePass and Password Safe.

The malware turns on keylogging whenever certain processes associated with the manager and client (including Personal.exe, PWsafe.exe, and KeePass.exe) are running in order to steal the one master password that unlocks a vault of passwords, including automated one-time passwords generated by the service in order to relieve users from memorizing complicated, unique passwords across all of their different applications.

The cryptographic software, neXus Personal Security Client is also being targeted by the same malware variant. The software is a third-party client that provides cryptographic APIs, allowing users to conduct financial transactions, e-commerce and other security services directly from their desktop.

The client also provides support for smart cards, tokens, and PIN-pad readers. One of their case studies listed on their site includes major auto manufacturer, Volkswagon. The company’s security practices include the use of a smart card that allows for Windows login, email encryption and signature, authentication to web applications via browser, login to SAP applications, mainframes and more.

Yet, if an attacker gets access to these authentication clients and password managers, then they could potentially breach corporate networks of major companies and steal intellectual property, delete critical parts of their IT infrastructure, and wreak all types of havoc on the inside.

It’s no surprise that attackers are first targeting a way to get an inventory of passwords, as 61 percent of data breach victims attribute their fraud experience to the breach of their credentials, according to The Consumer Data Insecurity Report (PDF) by Javelin Strategy & Research.

As a report from McAfee on Citadel (variant of Zeus) stated:

The Zeus malware platform was originally designed to steal currency, frequently in small amounts from thousands of victims. Citadel’s developers, however, have clearly recognized that sometimes data, particularly authentication credential data, can be more valuable than currency.

While it’s possible for attackers to steal the primary authentication credentials through these type of malware attacks, you can still stop them with the use of out-of-band two-factor authentication, whether with a smartphone application or the use of a hardware device, like a token.

And naturally, you should set up two-factor authentication with your password managers and authentication client software to ensure criminals can’t access them remotely. 

TAGGED: hackers, passwords, privacy, security
thu@duosecurity.com December 1, 2014
Share This Article
Facebook Twitter Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

IoT Cybersecurity
4 Common Misconceptions Surrounding IoT Cybersecurity Compliance
Internet of Things
iot and cloud technology
IoT And Cloud Integration is the Future!
Internet of Things
ai in marketing
4 Ways AI Can Improve Your Marketing Strategy
Artificial Intelligence
data security unveiled
Data Security Unveiled: Protecting Your Information in a Connected World
Security

Stay Connected

1.2k Followers Like
33.7k Followers Follow
222 Followers Pin

You Might also Like

child online safety data
Big Data

Empowering Parents With Big Data: Ensuring Child Safety And Development

13 Min Read
top antivirus applications to prevent data theft
Security

The Top 3 Antivirus Programs for Stopping Data Thieves in their Tracks

11 Min Read
data privacy with vpn data security
Privacy

VPNs Are Crucial Privacy Protection Tools in the Age of Big Data

8 Min Read
big data for branding ideas
Big DataExclusiveSecurity

Big Data Is Fundamentally Altering the Future of File Transfer Security

7 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

ai is improving the safety of cars
From Bolts to Bots: How AI Is Fortifying the Automotive Industry
Artificial Intelligence
giveaway chatbots
How To Get An Award Winning Giveaway Bot
Big Data Chatbots Exclusive

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?