3/29/2012
01:14 PM
Dark Reading
Products and Releases

Bit9 Sees A 150 Percent Increase In Targeted Domain Controller Attacks

Attackers, largely nation-states and cybercriminals, are targeting intellectual property

WALTHAM, Mass.—March 28, 2012 – Bit9, the global leader in Advanced Threat Protection, today announced it has seen a 150 percent increase in the number of attacks on domain controllers year-over-year. Attackers, largely nation states and cyber criminals, are targeting intellectual property (IP) on these servers—everything from chemical formulas and vaccines to military data, and reports on global economic conditions. Rather than directly attacking the servers that house the information, the attackers are specifically targeting the domain controllers to gain access to all systems within the company.

Servers as a whole have become such a target for cyber criminals and cyber espionage in the past year that the 2012 Verizon Data Breach Report gave its “Pwny award” to servers because 94 percent of all data compromised involved servers, up by 18 percent over the previous year.*1

“Domain controllers hold the keys to the kingdom,” said Harry Sverdlove, chief technology officer at Bit9. “Hackers target them because after stealing an organization’s user credentials, they can come and go from the network as they please, accessing business critical servers, Web servers, file servers, and any other resource in the network, including a company’s most critical asset: its IP.”

Because domain controllers store authentication information for everyone at an organization, they have become highly strategic targets for cybercriminals intent on stealing business-critical data and conducting protracted attacks. In less than 15 minutes, cybercriminals can break into domain controllers—also called Active Directory servers—to gain access to all user logins and passwords across an organization. While this information is typically encrypted, cybercriminals can use new tools available on the Internet, often for free, to reverse engineer large stores of passwords and credentials within minutes.

In a recent report, Gartner recommends using application control solutions to protect servers: “Use approaches rooted in application control as the cornerstone of your server protection strategy, not signature-based anti-malware.”*2

For more information on domain controllers, the following resources are available on Bit9’s Website:

View the Bit9 domain controller whiteboard video on how domain controllers are targeted and how to protect them.

Find out how the Bit9 Parity for Servers solution protects domain controllers.

Read how a Fortune 1000 technology company protects its servers from advanced persistent threats.


About Bit9

Bit9, the global leader in Advanced Threat Protection, protects the world’s intellectual property (IP) by providing innovative, trust-based security solutions to detect and prevent sophisticated malware and cyber threats. The world’s leading brands rely on Bit9’s award-winning Advanced Threat Protection Platform for endpoint protection and server security.
