Commenting on the merging of the Citadel trojan with the Reveton ransomware, Lieberman Software says that this use of multiple attack vectors by cybercriminals is almost certainly the result of rising levels of success by the authorities in their battle against online crime.
Philip Lieberman, president of the IT security specialist - and an information security veteran of many years - said that the multiple successful takedowns of botnet servers and Web domain names this year by Microsoft and several law enforcement agencies around the world have undoubtedly affected the income streams of cybercriminal gangs, with predictable results.
"The attack code seen in this latest type of malware attempts to find common credentials to superuser accounts - i.e. where the same password is used on every machine - and which remain persistent over time," he said.
"The net effect of this attack methodology is that the compromise of one system can lead to a general compromise of most - or all - critical systems silently," he added.
The Lieberman Software president went on to say that a properly implemented privileged identity management solution would randomise all the passwords used on the systems on a continuous basis, as well as providing time-limited access to sensitive credentials.
"By using a workflow approval mechanism (third party inspection of a request and granting approvals manually) prior to granting access to sensitive systems, this further reduces the value of these malware solutions to cybercriminals," he says.
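The two halves of the argument above (credential-harvesting malware that looks for one local admin password shared across machines, and a privileged identity management approach that randomises passwords per host and hands them out only after approval and for a limited time) can be made concrete in code. The following Python script is an added example written for this page; it is not code from Lieberman Software, from the Citadel or Reveton malware, or from the original article. The host names and SAM dump lines are constructed (the first NT hash is the well-known hash of "password"; the rest are made up), and `PerHostVault` is a hypothetical minimal model of a vault, not any vendor's product. The audit relies on one fact that is not in the article: NT hashes are unsalted MD4 of the UTF-16LE password, so an identical hash on two hosts means an identical password, and the hash alone is enough for pass-the-hash lateral movement.

```python
import secrets
import string
import time
from collections import defaultdict

# Constructed sample: the local Administrator line from a secretsdump-style
# SAM dump on each host ("user:rid:lmhash:nthash:::"). Hypothetical hosts;
# 8846f7... is the well-known NT hash of "password", the others are made up.
SAMPLE_DUMPS = {
    "ws01": "Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::",
    "ws02": "Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::",
    "fs01": "Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::",
    "db01": "Administrator:500:aad3b435b51404eeaad3b435b51404ee:2b576acbe6bcfb4c45d5d2b0ca9a0b1d:::",
}


def nt_hash_of(dump_line):
    """Return the NT hash field from a 'user:rid:lm:nt:::' dump line."""
    return dump_line.split(":")[3].lower()


def shared_admin_hashes(dumps):
    """Group hosts by local admin NT hash. NT hashes are unsalted MD4 of the
    UTF-16LE password, so an identical hash means an identical password."""
    by_hash = defaultdict(list)
    for host, line in dumps.items():
        by_hash[nt_hash_of(line)].append(host)
    return {h: sorted(hosts) for h, hosts in by_hash.items() if len(hosts) > 1}


def blast_radius(dumps, compromised_host):
    """Hosts whose local admin the attacker now controls (pass-the-hash or the
    recovered plaintext) after stealing credentials on one compromised host."""
    stolen = nt_hash_of(dumps[compromised_host])
    return sorted(h for h, line in dumps.items() if nt_hash_of(line) == stolen)


class PerHostVault:
    """Hypothetical minimal model of the mitigation: a distinct random
    password per host, rotated on a schedule, released only after approval
    and only for a limited lease time."""

    ALPHABET = string.ascii_letters + string.digits + string.punctuation

    def __init__(self, hosts, rotate_every=3600):
        self.rotate_every = rotate_every
        self._secrets = {}   # host -> (password, rotated_at)
        self._leases = {}    # lease id -> (host, expires_at)
        for h in hosts:
            self.rotate(h, now=0)

    def rotate(self, host, now=None):
        """Replace one host's local admin password with a fresh random one."""
        now = time.time() if now is None else now
        pw = "".join(secrets.choice(self.ALPHABET) for _ in range(24))
        self._secrets[host] = (pw, now)
        return pw

    def checkout(self, host, ttl, approved, now=None):
        """Hand out one host's password only after third-party approval, and
        only under a lease that expires after ttl seconds. Rotates first if
        the stored password is older than rotate_every."""
        now = time.time() if now is None else now
        if not approved:
            raise PermissionError(f"checkout of {host} requires approval")
        pw, rotated_at = self._secrets[host]
        if now - rotated_at >= self.rotate_every:
            pw = self.rotate(host, now=now)
        lease = secrets.token_hex(8)
        self._leases[lease] = (host, now + ttl)
        return lease, pw

    def lease_valid(self, lease, now=None):
        """True while the lease exists and has not expired."""
        now = time.time() if now is None else now
        entry = self._leases.get(lease)
        return entry is not None and now < entry[1]

    def reuse_across_hosts(self):
        """The same audit as shared_admin_hashes, on the vault's plaintexts:
        with per-host random passwords it should find nothing."""
        by_pw = defaultdict(list)
        for host, (pw, _) in self._secrets.items():
            by_pw[pw].append(host)
        return {p: hs for p, hs in by_pw.items() if len(hs) > 1}


if __name__ == "__main__":
    print("shared local admin passwords:", shared_admin_hashes(SAMPLE_DUMPS))
    print("compromise of ws01 reaches:", blast_radius(SAMPLE_DUMPS, "ws01"))
    vault = PerHostVault(SAMPLE_DUMPS)
    lease, pw = vault.checkout("fs01", ttl=900, approved=True, now=100)
    print("lease valid at t=500:", vault.lease_valid(lease, now=500))
    print("lease valid at t=2000:", vault.lease_valid(lease, now=2000))
    print("reuse after randomisation:", vault.reuse_across_hosts())
```

Run against the constructed dumps, the audit reports that ws01, ws02 and fs01 share one local admin password, so stealing the hash on ws01 silently yields the other two; db01, with its own password, is outside that blast radius. After the vault assigns each host a random password, the same audit finds no reuse, a checkout without approval is refused, and an approved lease stops validating once its TTL has passed. In a real deployment the approval step is a human or ticketing workflow and the rotation is pushed to the hosts themselves; the model only shows why those two properties shrink what a stolen credential is worth.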
Since few companies use a formal privileged identity management solution, most companies will suffer untold pain from this new generation of malware with little being gained by educating users or using anti-virus plus anti-malware solutions, he adds.
Once the new malware slips in, he explained, it is effectively curtain time for corporate security: whilst ransomware itself has been around since the late 1980s, the technique is still pretty much the same today, involving the locking up and/or denying of access to computer files until a 'ransom' payment is made.
Adding the Citadel trojan to the mix, says Lieberman, is a value-added extra for the cybercriminals as the malware attempts to steal user credentials - regardless of whether the victim stumps up the illegal ransom payment or not.
"And if those credentials include an admin account, then the company is in potentially very serious trouble. The bottom line here is that companies need to start raising their security game through the use of additional layers of technology," he said.
"This is where privileged identity management really comes into its own as, when using this approach to security, even if a user account were to be compromised, then the degree of remote access by cybercriminals can be severely limited," he added.