Attack on airport VPN bypassed multi-factor authentication, security firm reports


ID: IRCNE2012081578
Date: 2012-08-15

As reported by Techworld, cybercriminals have found a way to circumvent the multi-factor authentication systems used to protect business VPNs, says security firm Trusteer, which has reported a recent targeted attack on an airport network using this method.
This attack involved an innovative mixture of standard VPN login grabbing using the Citadel Trojan followed by screen scraping to discover the one-time password (OTP) presented by the gateway authentication system.
According to Trusteer, the unnamed authentication system used a dual-channel approach, offering users the choice of having the OTP sent via the PC (in-band) or to a mobile as an SMS (out-of-band).
The Citadel attack would only work where the PC/in-band option was chosen, which in this case happened to be the default access authentication method for airport employees.
“Once an attacker steals a victim’s VPN credentials they can login as the authorized user and have unfettered access to the information and resources associated with the account,” said Trusteer’s Amit Klein, underlining the obvious security threat.
“It also demonstrates how enterprises that rely on strong authentication approaches are still at risk from targeted attacks if they lack cybercrime prevention security on endpoint devices,” he said.
