Citadel, a particularly potent strain of banking malware, has been pestering IT security consultants for the last two years. ThreatPost reports that the latest strain has found a way to return to machines it's been deleted from.
Like a cockroach infestation that keeps coming back, Citadel malware has survived two years of dedicated attempts to eradicate it. In 2012, Microsoft and security researchers were able to remove 88 percent of the botnet network, but it turns out that wasn’t enough.
To understand why this malware keeps living to fight another day, let's take a look at what makes it different.
What Citadel Tells Us about the Future of Malware and Cyber Liability
Citadel has had such a long shelf life because hackers developed this malicious software differently than other malware. Citadel is an offshoot of Zeus (another big, bad malware), but hackers made the Citadel code open source. They also cultivated an online community of cyber criminals who are constantly developing variants and adding features to the already potent cyber weapon.
Citadel is able to survive deletion because it’s bundled with software that allows hackers to remotely access computers. That means…
- There’s always an open door for attacks. Thanks to remote access, cyber criminals can add an administrative account to the user's computer, which gives them a back door to enter – even when the malware is wiped off the computer.
- The remote access capability is difficult to stop. Many anti-malware programs scan for scripts and functions that look like criminal activity. However, running a Virtual Network Connection (VNC) doesn't trip any sensors. In fact, many IT contractors use VNCs to perform routine maintenance.
In other words, once the malware gets in, it begins to do damage in a way most security software won't recognize. By leaving a back door open, the malware can come back whenever a cyber criminal wants.
Takeaways from the Citadel Attack
As cyber attacks evolve, so does the methodology of cyber criminals. In the case of the Citadel malware, cyber criminals were able to use open-source development to leverage the abilities of many hackers to make a better cyber weapon.
In our post, "Symantec Says Anti-Virus Is Dead. What This Means for Your Clients," we explored how the cyber security industry is growing skeptical about the ability of anti-malware software to catch in-the-wild attacks. The resurrection of Citadel suggests that Symantec's skepticism might be justified. Anti-malware software has some benefits, but hackers are always going to innovate and find ways to slip past defenses. This means…
- IT consultants live and work in an industry of constant risk. Any of your clients could be hit with a new zero-day attack – one that outsmarts security software and standard IT protocol.
- IT consultants have to plan for the worst-case scenario. Because you're constantly exposed to risk, you need to invest in ways to protect yourself (e.g., carrying adequate insurance).
Many IT contracts require you to have Errors and Omissions Insurance (aka Professional Liability Insurance), which covers the cost of a lawsuit if a client sues your business for a malware attack, data breach, or problem with your IT work.
With a limited budget for IT security, you might not be able to protect your clients from every cyber attack out there. However, you can protect your company from the financial fallout when your client blames their losses on you.
For free E&O and other IT insurance quotes, submit an online insurance application.