Bank-raid Trojan jury-rigged to pwn 'major airport's network'
Intruder alert
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
A Trojan has targeted airport workers logging into their employer's private network, security researchers have claimed.
Crooks are believed to have modified the bank account-raiding Citadel Trojan, which is also used in ransomeware scams, and deployed it at a "major international airport hub" to access internal applications and files. It is understood officials and relevant government agencies have been warned of the infiltration. In response, the airport disabled remote access to the attacked virtual private network (VPN), according to security software maker Trusteer.
The man-in-the-browser attack, we're told, featured a combination of form grabbing and screen capture techniques to lift employees' usernames, passwords and one-time pass codes generated by an unnamed two-factor authentication vendor, which was has also been notified about the attack.
Trusteer said the affected vendor offered pattern-based authentication and it was this technology that was circumvented to pull off the VPN compromise.
After snapping a copy of the user's screen, the attacker would be able to figure out the permutation of digits, along with the one-time code stolen by the form grabber, to reproduce targeted user's login credentials.
Trusteer said the attack on the airport hub is a new tactic by crooks but not unprecedented. Other enterprises have being targeted by screen-capturing/form grabbing financial malware in the past, it said. Incidentally, the security firm also launched a Citrix-friendly version of Trusteer Rapport for Enterprise, which is supposed to thwart attempts to sniff passwords and other sensitive data. ®
COMMENTS
Re: Knowing which airport is kind of important to me
I would too, but we're not likely to know because your second assumption is wrong.
Airlines at the very least tend to have razor thin margins. To the point that there's a standing joke that the best easiest way to become a millionaire is to invest a billion in an airline. Some airports do have competition. And I can imagine a few people who'd be willing to take an alternate for of transportation to a different airport to avoid the hacked one. I'm fortunate enough to have 3 readily accessible airports from my home. So you can bet if I knew it was any of them, that specific airport would be off my list for a long time.
Re: Legislation is needed to keep us safe.
I propose the following legislation:
In the event of a security breach at a facility supplying critical services, including, but not limited to, power, communications, water, sanitary sewer, fuel pipelines, healthcare facilities and transportation facilities; the CEO and CIO, and where employed, the CSO shall be executed by firing squad in the event of a preventable breach.
Need I say more?
Why are we ignoring cyber terrorism?
Every day we hear about more and more attacks against critical infrastructure. It concerns me to think of the number of lives that need to be lost in order to get the attention of those with the power to protect us. Legislation is needed to keep us safe. Hopefully it doesn't take another 9/11 magnitude event to wake them up!
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
