MyPage is a personalized page based on your interests.The page is customized to help you to find content that matters you the most.


I'm not curious

How to Protect Your Network from Skeleton Key Attacks

Published on 20 October 15
473
0
2

Protecting your data from Skeleton Key malware attacks is essential to maintaining a healthy network. A new breed of attacks bypasses standard authentication, granting hackers access to systems without the need for a password.

About Skeleton Key Attacks

Skeleton Key attacks exploit weaknesses in Microsoft Active Directory systems, granting attackers access to practically every network service that relies on Active Directory for authentication. The malware can assume any network identity without knowing any passwords. Skeleton Key reportedly causes no problems for authorized users of infected systems, so attacks might go unnoticed for a while, after infection.

Initial reports of Skeleton Key malware suggest attack does not persist after an infected server reboots, making it easy to remove quickly the threat once detected. Of course, prevention offers the best way to defeat Skeleton Key attacks, so take a few simple precautions:

⢠Safeguard Your Servers. Perform a thorough security review to make sure your domain controllers and other systems using Active Directory have as many physical and virtual restrictions as possible. Only users who need access to particular network resources should have access to them. Physical security might mean securing servers inside a locked equipment cabinet or room.

⢠Restrict User Accounts. Threats can enter your network through administrator workstations that access email and other Internet resources. Having administrator credentials gives malware a head start toward its mission. To reduce the exploitation of administrator logins, managers should use separate accounts for administrative functions and general duty.

⢠Use Two-Factor-Authentication. Traditional password authentication has become compromised to the extent that business should require two-factor authentication for all logins. Two-factor authentication defeats Skeleton Key attacks and eliminates most problems associated with password theft, user spoofing, and hijacks.

Recognizing Skeleton Key Events

Traditional intrusion detection schemes do not catch Skeleton Key attacks because they donât initiate network activity. According to Dell, however, you can detect the presence of Skeleton Keys by looking for replication errors using Microsoft tools or third-party utilities.

Another method for uncovering Skeleton Keys calls for evaluating the use of PsExec.exec on Active Directory servers. Skeleton Keys often use infected PsExec executable files to become resident in memory. A specialist from Stealthbits reports that log files and system audits can often uncover PsExec irregularities that can warn administrators of a Skeleton Key attack.

Until you beef-up user authentication on your networks, Skeleton Keys promise to present a threat from outside and within. By taking steps you take to harden your systems through restricted access and robust authentication, you can prevent damages caused by Skeleton Key malware.



Protecting your data from Skeleton Key malware attacks is essential to maintaining a healthy network. A new breed of attacks bypasses standard authentication, granting hackers access to systems without the need for a password.

About Skeleton Key Attacks

Skeleton Key attacks exploit weaknesses in Microsoft Active Directory systems, granting attackers access to practically every network service that relies on Active Directory for authentication. The malware can assume any network identity without knowing any passwords. Skeleton Key reportedly causes no problems for authorized users of infected systems, so attacks might go unnoticed for a while, after infection.

Initial reports of Skeleton Key malware suggest attack does not persist after an infected server reboots, making it easy to remove quickly the threat once detected. Of course, prevention offers the best way to defeat Skeleton Key attacks, so take a few simple precautions:

⢠Safeguard Your Servers. Perform a thorough security review to make sure your domain controllers and other systems using Active Directory have as many physical and virtual restrictions as possible. Only users who need access to particular network resources should have access to them. Physical security might mean securing servers inside a locked equipment cabinet or room.

⢠Restrict User Accounts. Threats can enter your network through administrator workstations that access email and other Internet resources. Having administrator credentials gives malware a head start toward its mission. To reduce the exploitation of administrator logins, managers should use separate accounts for administrative functions and general duty.

⢠Use Two-Factor-Authentication. Traditional password authentication has become compromised to the extent that business should require two-factor authentication for all logins. Two-factor authentication defeats Skeleton Key attacks and eliminates most problems associated with password theft, user spoofing, and hijacks.

Recognizing Skeleton Key Events

Traditional intrusion detection schemes do not catch Skeleton Key attacks because they donât initiate network activity. According to Dell, however, you can detect the presence of Skeleton Keys by looking for replication errors using Microsoft tools or third-party utilities.

Another method for uncovering Skeleton Keys calls for evaluating the use of PsExec.exec on Active Directory servers. Skeleton Keys often use infected PsExec executable files to become resident in memory. A specialist from Stealthbits reports that log files and system audits can often uncover PsExec irregularities that can warn administrators of a Skeleton Key attack.

Until you beef-up user authentication on your networks, Skeleton Keys promise to present a threat from outside and within. By taking steps you take to harden your systems through restricted access and robust authentication, you can prevent damages caused by Skeleton Key malware.

Post a Comment

Please notify me the replies via email.

Important:
  • We hope the conversations that take place on MyTechLogy.com will be constructive and thought-provoking.
  • To ensure the quality of the discussion, our moderators may review/edit the comments for clarity and relevance.
  • Comments that are promotional, mean-spirited, or off-topic may be deleted per the moderators' judgment.
You may also be interested in
Awards & Accolades for MyTechLogy
Winner of
REDHERRING
Top 100 Asia
Finalist at SiTF Awards 2014 under the category Best Social & Community Product
Finalist at HR Vendor of the Year 2015 Awards under the category Best Learning Management System
Finalist at HR Vendor of the Year 2015 Awards under the category Best Talent Management Software
Hidden Image Url

Back to Top