Researchers at Dell SecureWorks' Counter Threat Unit (CTU) have discovered malware that sidesteps authentication on Active Directory (AD) systems protected only by passwords.
The researchers found the malware, dubbed 'Skeleton Key', on a client network that used single-factor authentication for access to webmail and VPN, which gave the threat actor total access to remote access services. According to CTU, deploying the malware requires the attacker to have domain administrator credentials, and it has been observed in use by attackers who have stolen credentials from critical servers, administrators' workstations and the targeted domain controllers.