Trey Ford, Global Security Strategist at Rapid7, offers some clarity on the discovery of the Skeleton Key malware.
“Dell Secureworks CTU team has set a wonderful example of how information sharing helps cyber security teams in the real world. They’ve identified a tool that attackers use to bypass authentication controls on a Microsoft Windows network.
“Skeleton Key, as the team has named it, is an in-memory patch that compromises how users identify themselves on a Microsoft Windows domain. This malicious patch must be installed by a Domain Administrator account, which means the attacker needs to steal an admin’s account to get this deployed.
Free Cyber Security Training! Join the revolution today!
“Because the patch is in-memory, Skeleton Key will not survive a reboot. The Dell team has provided very specific details enabling security teams to look for this attack behavior in their environment. This is a great example of meaningful information sharing in our industry.”
By Trey Ford, Global Security Strategist, Rapid7
About Rapid7
Rapid7’s mission is to develop simple, innovative solutions for security’s complex challenges. The company understands the attacker better than anyone and builds that insight into its security software and services. Rapid7’s IT security analytics solutions collect, contextualize, and analyze the security data users need to dramatically reduce threat exposure and detect compromise in real-time. They speed investigations so customers can halt threats and clean up systems fast. Unlike traditional vulnerability assessment or incident management, Rapid7 provides insight into the security state of your assets and users, across virtual, mobile, private and public cloud networks.
The company offers advanced capabilities for vulnerability management, penetration testing, endpoint controls assessment, and incident detection and investigation. Its attacker intelligence is informed by more than 200,000 members of the Metasploit community, the industry-leading Rapid7 Research Labs, and its experienced security services team. Rapid7 is trusted by more than 3,000 organizations across 78 countries, including more than 250 of the Fortune 1000.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.