Targeted domain controller attacks increase 150%

Bit9 has seen a 150 percent increase in the number of attacks on domain controllers year-over-year.

Attackers, largely nation states and cyber criminals, are targeting intellectual property (IP) on these servers – everything from chemical formulas and vaccines to military data, and reports on global economic conditions.

Rather than directly attacking the servers that house the information, the attackers are specifically targeting the domain controllers to gain access to all systems within the company.

“Domain controllers hold the keys to the kingdom,” said Harry Sverdlove, chief technology officer at Bit9. “Hackers target them because after stealing an organization’s user credentials, they can come and go from the network as they please, accessing business critical servers, Web servers, file servers, and any other resource in the network, including a company’s most critical asset: its IP.”

Because domain controllers store authentication information for everyone at an organization, they have become highly strategic targets for cybercriminals intent on stealing business critical data and conducting protracted attacks.

In less than 15 minutes, cybercriminals can break in to domain controllers—also called Active Directory servers—to gain access to all user logins and passwords across an organization. While this information is typically encrypted, using new tools available on the Internet, often for free, cybercriminals can reverse engineer large stores of passwords and credentials, within minutes.

In a recent report, Gartner recommends using application control solutions to protect servers: “Use approaches rooted in application control as the cornerstone of your server protection strategy, not signature-based anti-malware.

Don't miss