Active Directory is a massive and complex attack surface that has long been a prime target for criminals seeking valuable privileges and data. Incident responders find the service is involved in the bulk of attacks they investigate, underscoring major security challenges for defenders.
Anurag Khanna and Thirumalai Natarajan Muthiah, both principal consultants with Mandiant Consulting, have been observing Active Directory as an attack vector for more than 10 years. Khanna estimates about 90% of attacks their team investigates involve Active Directory in some form, whether it was the initial attack vector or targeted to achieve persistence or privileges.
Active Directory has been around since Windows 2000 but has become a priority for both attackers and defenders in recent years, he says.
In their 81-page report, A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force, experts share proposed guidance to deter ransomware attacks, disrupt its business model, help organizations prepare, and better respond to the global threat.
While other threats, such as business email compromise, also cause tremendous losses for businesses each year, RTF is focusing on ransomware because of its massive impact. "One of the concerns we have is the scope and scale of ransomware," says Megan Stifel, executive director for the Americas at the Global Cyber Alliance and co-chair of the RTF. "It's holding parts of the ecosystem and the economy at risk, particularly aspects of critical infrastructure, that can give rise to a range of cascading consequences that in some cases individually, or certainly collectively, can create a significant national security problem."
FluBot Malware's Rapid Spread May Soon Hit US Phones
IT software firm Ivanti, which acquired Pulse Secure late last year, today confirmed attackers have targeted a limited number of customers using Pulse Connect Secure (PCS) appliances. It has been working with Mandiant, the Cybersecurity and Infrastructure Security Agency (CISA), and others to respond to the exploits, which target three known vulnerabilities and a zero-day.
The three known flaws include CVE-2020-8243, CVE-2020-8260, and CVE-2019-11510, which CISA recently warned is among several CVEs under attack by the Russian Foreign Intelligence Service (SVR) in its efforts to target US and allied networks, including national security and government systems. All of these vulnerabilities were patched in 2019 and 2020, Ivanti says.
Security Gaps in IoT Access Control Threaten