This has not been a good year for passwords. It seems like every other week, a newly discovered vulnerability or cyberattack came with a disclaimer: “Change your password!” Or, in the case of Heartbleed: “Change your passwords – but wait until after we fix the bug!”
If that wasn’t enough to make your head spin, there were the inevitable post cyber-event emails I would get from password management companies that touted the security of their systems. Plus, they offer you the benefit of having to remember only one password instead of dozens.
However, according to ZDNet, with a new variant of malware known as Citadel, the security of passwords has been handed another blow, and this time it comes in the way of the password management systems:
The configuration activates key logging when certain processes are running on the infected machine. The malware is designed to steal the "master password" that protects access to the database of the end-user's passwords.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
This particular malware targets open source password management systems—2014 hasn’t been a good year for open source systems, either.
As an eSecurity Planet article pointed out, password management systems are a logical target for cybercriminals. For the price of one password, the criminal gets a treasure trove of passwords and information about potential victims.
So once again, we’re seriously looking at the security of passwords and the real need to come up with something better. At the same time, Dana Tamir, director of enterprise security at IBM-Trusteer, which discovered the newest configuration of Citadel, told CRN that we need to be concerned about this particular piece of malware:
It might be an opportunistic attack, where the attackers are trying to see which type of information they can expose through this configuration, or a more targeted attack in which the attackers know that the target is using these specific solutions.
Tamir also predicted that one in 500 computers is already infected with the Citadel malware, and stated in a Threatpost blog:
Since millions of machines are already infected with Citadel, it is easy for attackers to take advantage of this malware in new cyber schemes. All attackers need to do is provide a new configuration file to the millions of existing instances and wait for infected machines to access the targets.
Of course, cybercriminals will take advantage of whatever they can in order to steal valuable information, and right now, their easiest targets continue to be passwords. And that won’t stop until someone comes up with a truly better access and authentication system.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba