
Yet Another Blow to Password Security


Written By
Sue Poremba
Nov 24, 2014

This has not been a good year for passwords. It seems like every other week, a newly discovered vulnerability or cyberattack came with a disclaimer: “Change your password!” Or, in the case of Heartbleed: “Change your passwords – but wait until after we fix the bug!”

If that wasn’t enough to make your head spin, there were the inevitable post cyber-event emails I would get from password management companies that touted the security of their systems. Plus, they offer you the benefit of having to remember only one password instead of dozens.

However, according to ZDNet, with a new variant of malware known as Citadel, the security of passwords has been dealt another blow, and this time it comes by way of the password management systems:

The configuration activates key logging when certain processes are running on the infected machine. The malware is designed to steal the “master password” that protects access to the database of the end-user’s passwords.

This particular malware targets open source password management systems—2014 hasn’t been a good year for open source systems, either.

As an eSecurity Planet article pointed out, password management systems are a logical target for cybercriminals. For the price of one password, the criminal gets a treasure trove of passwords and information about potential victims.

So once again, we’re seriously looking at the security of passwords and the real need to come up with something better. At the same time, Dana Tamir, director of enterprise security at IBM-Trusteer, which discovered the newest configuration of Citadel, told CRN that we need to be concerned about this particular piece of malware:

It might be an opportunistic attack, where the attackers are trying to see which type of information they can expose through this configuration, or a more targeted attack in which the attackers know that the target is using these specific solutions.


Tamir also predicted that one in 500 computers is already infected with the Citadel malware, and stated in a Threatpost blog:

Since millions of machines are already infected with Citadel, it is easy for attackers to take advantage of this malware in new cyber schemes. All attackers need to do is provide a new configuration file to the millions of existing instances and wait for infected machines to access the targets.

Of course, cybercriminals will take advantage of whatever they can in order to steal valuable information, and right now, their easiest targets continue to be passwords. And that won’t stop until someone comes up with a truly better access and authentication system.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba


Sue Poremba is a freelance writer based in Central PA. She's been writing about cybersecurity and technology trends since 2008.
