URL: https://www.semperis.com/blog/identity-attack-watch-august-2021/
IDENTITY ATTACK WATCH: AUGUST 2021

By Semperis Research Team August 27, 2021 | Active Directory

Cyberattacks targeting Active Directory are on the upswing, putting pressure on
AD, identity, and security teams to monitor the constantly shifting AD-focused
threat landscape. To help IT pros better understand and guard against attacks
involving AD, the Semperis Research Team offers this monthly roundup of recent
cyberattacks that used AD to introduce or propagate malware.

This month, the Semperis Research Team highlights identity-related cyberattacks
including LockFile’s abuses of ProxyShell and PetitPotam flaws, surging LockBit
2.0 attacks, and the expanding Hive exploits.

LOCKFILE ATTACKERS ACCELERATE USE OF PROXYSHELL EXCHANGE SERVER AND PETITPOTAM
FLAWS

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that
LockFile attackers are actively exploiting the ProxyShell Exchange Server flaw
and the PetitPotam vulnerability to gain access to Active Directory and
attendant networks and subsequently drop malware.

Read more


LOCKBIT 2.0 ATTACKS SURGE

The rise in LockBit 2.0 attacks, which include a breach of global consulting
firm Accenture’s systems, prompted the Australian Cyber Security Centre to
release a warning about a “sharp and significant increase” in reported attacks.
LockBit 2.0 automatically encrypts devices across Windows domains by abusing
Active Directory group policies.

Read more


HIVE TAKEDOWN OF HEALTH SYSTEM TRIGGERS FBI ALERT

The FBI issued an alert and a list of Indicators of Compromise (IOCs) associated
with Hive ransomware after the group took down Memorial Health System, which
operates in Ohio and Virginia. Among various other tactics, Hive uses remote
admin software such as ConnectWise to infiltrate systems and establish
persistence, then deploys tools like ADRecon to map the Active Directory
environment.

Read more


NOKIA SUBSIDIARY SUFFERS CONTI RANSOMWARE ATTACK

SAC Wireless, a Nokia subsidiary, was hit with a ransomware attack by Conti
group, which breached the network, stole data, and encrypted systems. The attack
prompted the company to bolster system access policies and expand multi-factor
authentication (MFA) requirements, among other remediation actions.

Read more


REVIL SUSPECTED IN NEVADA HOSPITAL ATTACK

The University Medical Center Southern Nevada reported a ransomware attack that
analysts say could be the work of the REvil group, which uses various tactics to
breach systems, including exploiting administrator privileges.

Read more


CRYTEK GAME DEVELOPER REPORTS EGREGOR RANSOMWARE ATTACK

Ransomware-as-a-service group Egregor breached game developer Crytek’s
information systems, encrypting data and stealing customer information. Egregor,
which was responsible for notorious attacks on retailers Barnes & Noble and
Kmart, exploits Active Directory misconfigurations to breach networks.

Read more


BAZACALL THREATS USE PHONE CENTERS TO DROP MALWARE

Microsoft stepped up warnings about BazaCall threats, which trick victims into
calling into a fraudulent phone center and downloading BazaLoader ransomware
with step-by-step guidance from human operators. After the initial breach,
attackers use ADFind (a free command-line AD discovery tool) to escalate
reconnaissance across victims’ systems.

Read more

MORE RESOURCES

 * Detecting and Mitigating the PetitPotam Attack on Windows Domains | Semperis
 * Now’s the Time to Rethink Active Directory Security | Semperis
 * Applying the MITRE ATT&CK Framework to Your Active Directory | Semperis

About the author
Semperis Research Team
The Semperis Research Team continuously studies the ways cyber criminals are
plotting to compromise organizations' information systems—particularly by
exploiting vulnerabilities in Active Directory—now and in the future. Their work
provides guidance for the security community in protecting against AD-related
attacks and informs the development of products that help organizations increase
their cyber resilience.