Active Directory Certificate Services (AD CS) is a foundational component of Windows enterprise infrastructure, responsible for managing public key infrastructure (PKI) and issuing certificates that enable authentication and encryption across networks. Despite its critical role in the enterprise identity infrastructure, AD CS is often undermined by insecure default configurations and design complexities, resulting in exploitable attack surfaces. Due to misconfigured templates and overly permissive enrollment rights, AD CS has emerged as a high-impact, under-monitored vector for privilege escalation and unauthorized identity impersonation in modern environments.
Unlike traditional vulnerability exploitation, AD CS attacks rarely rely on zero-day vulnerabilities or malware. Instead, adversaries misuse native certificate issuance to impersonate privileged accounts, escalate privileges and establish persistence. Unit 42 observations and industry reporting show that these weaknesses are actively exploited by both financially motivated ransomware groups and state-sponsored actors.
Read more…
Source: Palo Alto Unit 42
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- State-Sponsored Actors Focus Attacks on Asia
November 14, 2018
Southeast Asia is the most actively attacked region, accordingly to Cyber Security firm, Group-IB. Their annual Hi-Tech Crime Trends Report 2018 advises, “In just one year, 21 state-sponsored groups were detected in this area, which is more than in the United States and Europe.” Although, not only state-sponsored groups are focusing their attention on this ...
- 7 New Meltdown and Spectre-type CPU Flaws Affect Intel, AMD, ARM CPUs
November 14, 2018
Disclosed earlier this year, potentially dangerous Meltdown and Spectre vulnerabilities that affected a large family of modern processors proven that speculative execution attacks can be exploited in a trivial way to access highly sensitive information. Since then, several more variants of speculative execution attacks have been discovered, including Spectre-NG, SpectreRSB, Spectre 1.1, Spectre1.2, TLBleed, Lazy FP, NetSpectre and Foreshadow, patches for which were released ...
- October 2018’s Most Wanted Malware: For The First Time, Remote Access Trojan Reaches Top 10 Threats
November 13, 2018
For the first time, Check Point threat intelligence researchers found that a remote access Trojan (RAT) has reached the Global Threat Index’s Top 10. Dubbed “FlawedAmmyy”, this type of attack allows attackers to remotely control the victim’s machine– gaining full access to the machine’s camera and microphone, collecting screen grabs, stealing credentials and sensitive files, ...
- Microsoft patches Windows zero-day used by multiple cyber-espionage groups
November 13, 2018
Microsoft released today its monthly roll-up of security patches known as Patch Tuesday. This month, the Redmond-based company has fixed 62 security flaws. Among the 62 fixes, there is also a fix for a zero-day vulnerability that was under active exploitation before today’s patches were made available. The zero-day, tracked as CVE-2018-8589, impacts the Windows Win32k component. Microsoft ...
- Using Machine Learning to Cluster Malicious Network Flows From Gh0st RAT Variants
November 13, 2018
Cybercriminals have become more and more creative and efficient in their efforts to successfully bypass network security. Reports of unauthorized network intrusions that have compromised enterprise security, resources, and data, plague experts on a day-to-day basis, and will continue to do so if not prevented by a more efficient detection system or method. Currently, attackers use polymorphism, ...
- EUROPOL: Internet Organised Crime Threat Assessment 2018
November 12, 2018
It is my pleasure to introduce the 2018 Internet Organised Crime Threat Assessment (IOCTA), not only as it is the fifth anniversary edition of the report, but also my first as the Executive Director of Europol. The IOCTA has been and continues to be a flagship strategic product for Europol. It provides a unique law enforcement ...