Trusteer Uncovers Malware Attack on Airport VPN
The attack was designed to steal airport employees' credentials in order to gain access to internal airport applications.
Trusteer researchers recently discovered a Man in the Browser (MitB) attack targeting VPN users at a major airport.
"Using the Citadel Trojan, criminals are targeting employees to steal their credentials for accessing internal airport applications," writes Trusteer CTO Amit Klein. "Trusteer has notified airport officials and the relevant government agencies of this attack. Due to the sensitive nature of these systems, the airport immediately disabled remote employee access through this VPN site -- the site is currently down."
"Man-in-the-middle attacks on airports' public networks are common, but this particular attack didn't target the public network or users but instead went after the airport's employees and their remote-access application," writes Threatpost's Dennis Fisher. "Getting access through any corporation's VPN system is a huge win for an attacker, because once she comes in as an authenticated user, she enjoys all of the access and privileges on the network that the victimized user does."
"MitB malware is usually financially motivated," Infosecurity reports. "Its most common purpose is to steal bank credentials rather than VPN credentials. Infosecurity asked Trusteer for its thoughts on the motivation for this attack. 'The technology is MitB -- however the motivation is not necessarily financial,' said Oren Kedem, director of product marketing. He listed a range of possible targets, including access to the air traffic control system, and building infrastructure plans."