Dramatic Increase in Attacks on Domain Controllers Puts Enterprise Customer Data and Intellectual Property at Risk
03.29.12 – Waltham, Mass. – Bit9, the global leader in Advanced Threat Protection, today announced it has seen a 150 percent increase in the number of attacks on domain controllers year-over-year. Attackers, largely nation states and cyber criminals, are targeting intellectual property (IP) on these servers—everything from chemical formulas and vaccines to military data, and reports on global economic conditions. Rather than directly attacking the servers that house the information, the attackers are specifically targeting the domain controllers to gain access to all systems within the company.
Servers as a whole have become such a target for cyber criminals and cyber espionage in the past year that the 2012 Verizon Data Breach Report gave its “Pwny award” to servers because 94 percent of all data compromised involved servers, up by 18 percent over the previous year.*1
“Domain controllers hold the keys to the kingdom,” said Harry Sverdlove, chief technology officer at Bit9. “Hackers target them because after stealing an organization’s user credentials, they can come and go from the network as they please, accessing business critical servers, Web servers, file servers, and any other resource in the network, including a company’s most critical asset: its IP.”
Because domain controllers store authentication information for everyone at an organization, they have become highly strategic targets for cybercriminals intent on stealing business critical data and conducting protracted attacks. In less than 15 minutes, cybercriminals can break in to domain controllers—also called Active Directory servers—to gain access to all user logins and passwords across an organization. While this information is typically encrypted, using new tools available on the Internet, often for free, cybercriminals can reverse engineer large stores of passwords and credentials, within minutes.
In a recent report, Gartner recommends using application control solutions to protect servers: “Use approaches rooted in application control and allowlisting as the cornerstone of your server protection strategy, not signature-based anti-malware.”*2
For more information on domain controllers, the following resources are available on Bit9’s Website:
- View the Bit9 domain controller whiteboard video on how domain controllers are targeted and how to protect them.
- Find out how the Bit9 Parity for Servers solution protects domain controllers.
- Read how a Fortune 1000 technology company protects its servers from advanced persistent threats.
Bit9, the global leader in Advanced Threat Protection, protects the world’s intellectual property (IP) by providing innovative, trust-based security solutions to detect and prevent sophisticated malware and cyber threats. The world’s leading brands rely on Bit9’s award-winning Advanced Threat Protection Platform for endpoint protection and server security.
Bit9 stops advanced persistent threats by combining real-time sensors, cloud-based software reputation services, continuous monitoring and trust-based application control and allowlisting—eliminating the risk from malicious, illegal and unauthorized software.
The company’s global customers come from a wide variety of industries, including e-commerce, financial services, government, healthcare, retail, technology and utilities. Bit9 was founded on a prestigious United States federal research grant from the National Institute of Standards and Technology – Advanced Technology Program (NIST ATP) to conduct the research that is now at the core of the company’s solutions.
Bit9 is privately held and based in Waltham, Mass. For more information, visit our website, follow us on Twitter, Facebook and Google+, or call +1 617-393-7400.
*1 The 2012 Data Breach Investigations Report published by Verizon.
*2 How to Devise a Server Protection Strategy, Gartner, 6 December 2011.