Remember when we discussed how passwords were dead? If you needed more proof that this is true, the bad guys have you covered with a new piece of malware that has turned up in the wild.
SecureWorks, the security arm of Dell, has discovered a new piece of malware dubbed “Skeleton Key.” The attack consists of installing rogue software within Active Directory; the malware then allows attackers to log in as any user on the domain without the need for further authentication.
It’s important to note that the installation requires administrator access or a flaw on the server that grants such access.
Interestingly, Skeleton Key does not actually install itself on the filesystem. Instead, it is an in-memory patch of Active Directory, which makes detection even more difficult.
Even worse, this access is not logged; it is completely silent and, as a result, extremely hard to detect. Identifying the malware through traditional network monitoring does not work either, because Skeleton Key does not generate any network traffic.
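Because the post describes an in-memory patch applied by someone who already holds administrator rights, the practical defender question is whether your domain controllers make that kind of patching harder. The script below is an added example, not part of the original post and not something SecureWorks published: it audits every domain controller for Windows LSA Protection (the RunAsPPL registry value), a built-in control that stops unsigned code from being loaded into the LSASS process, and records each DC's last boot time, since a patch that lives only in memory does not outlive a restart of the host. It assumes an admin workstation with the ActiveDirectory RSAT module and WinRM access to the DCs; the registry path and CIM class are standard Windows, nothing here is a Skeleton Key indicator.

```powershell
# Added example (not from the original post or from SecureWorks).
# Audit all domain controllers for LSA Protection (RunAsPPL) and record uptime.
# Assumptions: ActiveDirectory RSAT module installed locally, WinRM enabled on the DCs,
# and the caller has administrative rights on them.

Import-Module ActiveDirectory

# Enumerate every domain controller in the current domain.
$dcs = (Get-ADDomainController -Filter *).HostName

$results = foreach ($dc in $dcs) {
    try {
        Invoke-Command -ComputerName $dc -ErrorAction Stop -ScriptBlock {
            # RunAsPPL = 1 means LSASS runs as a Protected Process Light; unsigned code cannot be injected.
            $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction Stop
            $ppl = 0
            if ($null -ne $lsa.RunAsPPL) { $ppl = [int]$lsa.RunAsPPL }

            # Last boot time: an in-memory-only patch cannot persist across a restart,
            # so knowing when each DC last rebooted bounds how long such a patch could have lived.
            $os = Get-CimInstance -ClassName Win32_OperatingSystem

            [pscustomobject]@{
                DomainController = $env:COMPUTERNAME
                RunAsPPL         = $ppl
                LastBoot         = $os.LastBootUpTime
            }
        }
    }
    catch {
        # Record unreachable hosts rather than silently skipping them.
        [pscustomobject]@{ DomainController = $dc; RunAsPPL = 'unreachable'; LastBoot = $null }
    }
}

$results | Sort-Object DomainController | Format-Table -AutoSize

# Flag every DC where LSA Protection is off or could not be checked.
$results | Where-Object { $_.RunAsPPL -ne 1 } | ForEach-Object {
    Write-Warning "LSA Protection is not enabled (or not verifiable) on $($_.DomainController)"
}
```

Enabling RunAsPPL does not remove a patch that is already resident; it raises the cost of applying one in the first place, which is the right layer to address a technique that leaves nothing on disk, nothing in the logs and nothing on the wire. Pair the audit with a scheduled restart of domain controllers after any suspected administrative compromise.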