Access cards used by US government agencies have been attacked by a malware strain known as Sykipot. AlienVault investigated the attacks and discovered that “these attacks originate from servers in China with what appears to be the purpose of obtaining information from the defense sector: the same sector that makes extensive use of PC/SC x509 Smartcards for authentication.”
The recently discovered Sykipot variant has new features that allow attackers to hijack Department of Defense and Windows smart cards. Previously, the attackers used an Adobe zero-day exploit and a spear-phishing campaign to persuade victims to open infected PDF documents. Then, as AlienVault explains, the malware uses a keylogger to steal the PINs for the cards. When the compromised card is inserted into the reader, the malware springs into action and acts as the authenticated user to access sensitive information.
One implication analysts see is that the current attack forces decision makers to rethink their security measures. “Although smart cards are designed to provide a two factor system of ‘chip and pin’, again we see that true two-factor authentication is not possible without a physical component that is not accessible digitally,” as AlienVault writes.