The Smart Card Alliance released their weak response to the recent Sykipot Tojanattack which hijacked the Department of Defense authentication smartcards. Unlike hypothetical attacks on smartcards (the Chinese Remainder Theorem Attack comes to mind with the use of a microwave oven and a calculator) this is a real threat to the security of one's network and data but not so much to the smartcard itself.
The Sykipot Tojan is taking advantages of the flaws and lack of security in Adobe's PDF documents (zero-day attack) and Microsoft's Windows OS and anti-virus suppliers are not blocking infected attachments.
How are these attacks happening? The attacker sends a phishing or spear phishing email with a malware infected attachment to an unsuspecting person or employee. The employee opens the attachment and launches the attack. The malware is a keylogger that captures the PIN of the smartcard, reads the user's certificates within Windows, and then allows the attacker to use this information to log into unauthorized accounts.
The Smart Card Alliance offers only simplistic security strategies.
Educate users on safe computer and email practices.
Maintain up-to-date anti-virus, -malware and –keylogger software.
Implement user analysis and network forensics tools.
Include multi-factor authentication (I thought that was the whole purpose of the smartcard)
Buy a PIN pad smartcard reader. (Expensive)
Hardening the authentication between user, keyboard, and smartcard. (That's what the OS is suppose to do)
Change your card PIN and certificates (Note: changing certificates can wreak havoc on documents, access rights, etc., that used the older certificate. Plus, the attackers will still have access to the older information.)
No comments:
Post a Comment