Researchers from security firm Cybereason claim that the advanced persistent threat (APT) can enable patient attackers to steal an organisations email passwords over time.
The attack was found by the company when it investigated the email server of an organisation whose security team had spotted behavioural abnormalities.
The hackers installed a back-doored malicious program which was used as part of the authentication mechanism, and was responsible for authenticating users against the Active Directory (A/D) server used in the environment
This enabled the hackers to get all requests in cleartext after SSL/TLS decryption. However, one of the mistakes made by the attackers was to use the weak and outdated DES encryption algorithm in order to store information in a log file. This enabled the investigators to uncover what the attackers were looking for - namely, all the organisations e-mail passwords.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now