Identity Attack Watch: April 2021

Cyberattacks targeting Active Directory (AD) are on the upswingputting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD to introduce or propagate malware.

In this April roundup, the Semperis Research Team highlights identity-related cyberattacks, including ransomware attacks on UK-based education charity Harris Federation and Broward County schools in Floridaa malicious software update to Click Studios’ Passwordstate, as well as a new form of ransomware, Cring, that exploits vulnerabilities in VPN servers by compromising authentication credentials.

Ransomware attack shuts down UK-based education charity Harris Federation

Harris Federation, a UK-based education charity that runs 50 primary and secondary academies, suffered a ransomware attack that disabled its email and telephone systems. The National Cyber Security Centre warned that ransomware attacks are targeting schools during the COVID-19 pandemic because of the increased use of remote devices that access school information systems through Remote Desktop Protocol (RDP) and Virtual Private Networks (VPNs), which often have faulty identity configurations and weak passwords.

Read more

Conti group attacks Broward County schools in Florida

A breach of the Broward County school district in Florida by Conti group likely used credentials stolen through phishing to steal student and employee information and infect the district’s information systems with malware.

Read more

New ransomware Cring compromises authentication credentials

Kaspersky researchers reported a new form of ransomware, Cring, that exploits security vulnerabilities in VPN servers to access authentication credentials anencrypt networks. The report highlights an unspecified victim in Europe that suffered a shutdown of business operations. Once the system was breached, attackers used Cobalt Strike to gain additional control over the infected systems.

Read more

‘Supply chain’ attack on password manager exposes users’ passwords

Attackers implanted malware into a software update to Click Studios’ password manager platform Passwordstate, potentially exposing 29,000 customers to exfiltration of passwords and other data. The breach occurred between April 20 and April 22. Researchers from CSIS Security Group revealed the attack dubbed Moserpass. The infiltration of malware into software updates is a growing threat – and was involved in the recent SolarWinds supply chain attack.

Read more

More Resources

Want to strengthen defenses of your Active Directory against cyberattacks? Check out our latest resources.

The post Identity Attack Watch: April 2021 appeared first on Semperis.

*** This is a Security Bloggers Network syndicated blog from Semperis authored by Semperis Research Team. Read the original post at: