Microsoft has revealed that nearly 80% of human-operated cyberattacks involve compromised domain controllers, according to a recent blog post published on Wednesday. Alarmingly, in over 30% of these incidents, attackers use the domain controller—a central system in corporate IT networks—to spread ransomware across the organization.
A breached domain controller can give hackers access to password hashes for every user in the system. With these credentials, cybercriminals can identify and exploit privileged accounts, including those held by IT administrators. Gaining control of these accounts allows attackers to escalate their access levels.
“This level of access enables them to deploy ransomware on a scale, maximizing the impact of their attack,” Microsoft stated.
One such attack, observed by the tech giant, involved a group known as Storm-0300. The hackers infiltrated a company’s systems by exploiting its virtual private network (VPN). After acquiring administrator credentials, they tried to access the domain controller through the remote desktop protocol (RDP). Once inside, they carried out a series of actions including reconnaissance, bypassing security measures, and escalating their privileges.
Despite the growing frequency of attacks, Microsoft emphasized the difficulty in protecting domain controllers due to their critical role in network management an
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: