Recent research uncovering the “DCShadow” cyberattack on Active Directory (AD) environments prompted Jonathan Sander, Chief Technology Officer at STEALTHbits Technologies commented below.
Jonathan Sander, Chief Technology Officer at STEALTHbits Technologies:
“The DCShadow attack is exactly the type of scenario that should be of great concern to everyone and not written off as hype – because “DCShadow” is not a vulnerability, it is an ingenious way to inject illegitimate data into an AD infrastructure.
There is no patch that can be issued, no configuration setting to change. The way you defend against this attack is by having a clean, understood, properly configured, closely monitored, and tightly controlled Active Directory environment – nothing short of this will protect you.
On the bright side, this is an achievable goal, unlike defending against other attacks. While this attack cannot be executed by an unprivileged attacker, our research has shown that there are many ways to gain the required privileges with publicly available tools and moderate amount of skill.”