Feeds

Bank-raid Trojan jury-rigged to pwn 'major airport's network'

Intruder alert

Combat fraud and increase customer satisfaction

A Trojan has targeted airport workers logging into their employer's private network, security researchers have claimed.

Crooks are believed to have modified the bank account-raiding Citadel Trojan, which is also used in ransomeware scams, and deployed it at a "major international airport hub" to access internal applications and files. It is understood officials and relevant government agencies have been warned of the infiltration. In response, the airport disabled remote access to the attacked virtual private network (VPN), according to security software maker Trusteer.

The man-in-the-browser attack, we're told, featured a combination of form grabbing and screen capture techniques to lift employees' usernames, passwords and one-time pass codes generated by an unnamed two-factor authentication vendor, which was has also been notified about the attack.

Trusteer said the affected vendor offered pattern-based authentication and it was this technology that was circumvented to pull off the VPN compromise.

After snapping a copy of the user's screen, the attacker would be able to figure out the permutation of digits, along with the one-time code stolen by the form grabber, to reproduce targeted user's login credentials.

Trusteer said the attack on the airport hub is a new tactic by crooks but not unprecedented. Other enterprises have being targeted by screen-capturing/form grabbing financial malware in the past, it said. Incidentally, the security firm also launched a Citrix-friendly version of Trusteer Rapport for Enterprise, which is supposed to thwart attempts to sniff passwords and other sensitive data. ®

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.