Airport VPN Penetrated through Citadel Malware
The Citadel Trojan, best known for its recent delivery of the Reveton ransomware, has turned up in a new form, according to Trusteer, which recently reported a Citadel-based man-in-the-browser (MitB) attack targeting the virtual private network (VPN) used by employees at a major international airport.
Trusteer quickly notified airport officials and the relevant government agencies of this attack. Due to the sensitive nature of these systems, the airport urgently disabled remote employee access via VPN; the airport's website is presently shut down.
For attackers, airports are a target-rich environment, thanks to their open wireless networks and the large population of temporary users who are all too keen to use them. Man-in-the-middle attacks on airports' public networks are widespread, but this particular attack did not target the airport's public networks or their users; instead it went after the airport's employees and their remote-access application. The attackers' goal is to gain access to the corporation's VPN system: once an attacker comes in as a genuine user, she benefits from all of the access and rights on the network that the compromised user has.
In this case, two well-known methods were used to get around the airport's security measures and make off with the victims' VPN credentials.
A combination of form grabbing and screen capture was used to steal the victim's username, password, and the one-time passcode generated by a strong authentication product.
The first part of the attack uses form grabbing to steal the username and password entered into the login screen. The second part relies on screen capture to take a snapshot of the image presented to the victim by the strong authentication product.
"We have observed this before, although it is not very common," commented George Tubin, a senior security strategist for Trusteer, who sees the latest episode as evidence of how the government and private sector have been fighting a losing battle against ever more skilled cybercriminals, reported businessweek.com dated August 15, 2012. "Frankly, it's way too easy for hackers to get employee credentials and exploit them. For the most part, industry is not doing a very good job protecting against these types of threats."
» SPAMfighter News - 21-08-2012