I read about a new variant of the Citadel malware that's designed to compromise password management and authentication products. How does it work, and what are the best ways to prevent it? Does it change whether we should allow staff to use self-managed password-management tools?
Passwords were the easiest authentication measure to deploy when multi-user systems first came out. However, once people needed to remember them, the habit of writing passwords down on paper started -- and it has stuck with us.
While neither passwords nor writing them down is inherently insecure, getting people to do either securely is difficult.
When password managers came out, some people were concerned about the inherent insecurity of storing passwords on endpoint computers. (Some single sign-on systems include a built-in password manager to create the single sign-on experience for users.) Although password managers help users maintain passwords securely, such programs create an additional avenue for capturing passwords on a compromised computer.
A variant of the Citadel Trojan that recently came on the scene appears to have the functionality to capture passwords from password managers. IBM Trusteer researchers analyzed a configuration file left behind after a computer was compromised and determined that the malware had keylogging functionality to capture the "master password" and ultimately unlock the password manager.
Knowing whether this was a targeted or an opportunistic attack would help predict how soon this functionality will be adopted by attackers with fewer resources. As of now, researchers are unsure how the malware ended up on the infected device.
Regardless, steps can be taken to protect against the Citadel malware. Keeping systems up to date with patches, using a modern antimalware product, running systems with least privilege and training users to be wary of phishing attacks are the critical mitigations.
Password managers rely on the underlying security of the system. While multifactor authentication could be used to protect access to the password manager, copying a password from the password manager into an application will still be risky, just like handling any other sensitive data in memory: a keylogger on a compromised endpoint can capture it at that point.
Ask the Expert:
SearchSecurity expert Nick Lewis is ready to answer your enterprise threat questions -- submit them now. (All questions are anonymous.)