Androvett Legal Media and Marketing
2501 Oak Lawn Avenue  |  Suite 650  |  Dallas, Texas 75219
Tel: 214.559.4630  |  Fax: 214.559.0852


Clients in the News


Stroz Friedberg Digital Risk Management Expert Erin Nealy Cox in SC Magazine article
DoD ID cards under attack
 
January 19, 2012

SC Magazine:

A pernicious virus that infects the middleware of smart card readers is attacking users of U.S. Department of Defense (DoD) and Windows smart cards. A variant of the Sykipot trojan, the malware uses a zero-day vulnerability in Adobe software to install a keylogger and obtain the PINs and certificate information from smart cards.

The trojan, first identified by Alienvault Labs, appears targeted at a particular type of application.

"We are talking about smart cards, and specifically the DoD Common Access Card," Jaime Blasco, labs manager of Alienvault, told SCMagazine.com on Tuesday from his office in Madrid. "That is the ID card that every DoD employee has, and they use it to access confidential networks and data across the DoD infrastructures. Thanks to this malware, the attackers have the possibility of stealing the PIN used to use this card, and while the card is inside the reader, they are able to use the card to steal the data they want."

Sykipot is not designed to self-replicate across networks, Blasco added. It is a manual malware that has to be controlled on a per-victim basis, so it is not likely that they use this piece of code for advanced persistent threats or other long-term types of attacks. Rather, he said, it is used for spear-phishing and zero-day exploits to gain access to networks.

....

Erin Nealy Cox, managing director and deputy general counsel at Stroz Friedberg, a digital risk management and investigations firm, and a former federal prosecutor, said spear-phishing attacks such as these underscore the importance of educating users in proper safe computing practices. In this case, for example, a user would need to click on an infected PDF file, often in situations where the PDF appears to be a trusted file. Cox said it is essential that employees be trained to look for potential attacks, even on trusted networks.


....

http://www.scmagazine.com/dod-id-cards-under-attack/article/223625/

Copyright SC Magazine

