V.T. Eric Layton 6,665 Posted January 23, 2020

TrickBot Now Harvests Windows Active Directory Credentials
By Lawrence Abrams | January 23, 2020 | 04:07 PM

A new module for the TrickBot trojan has been discovered that targets the Active Directory database stored on compromised Windows domain controllers.
securitybreach 11,294 Posted January 23, 2020

Oh goodie, another one....
Digerati 181 Posted January 24, 2020

So all that has to happen is a spam email with its malicious attachment must make it past all security and the spam filters coming into the network. The user, seeing this unsolicited email must open it, then click on the unsolicited Word document attachment that then releases malware that sneaks past without being detected all anti-malware solutions running on the computer to compromise that user's computer. That malicious code then must make its way through the company network to the domain controller, sneaking past that server's own security. Then the malicious TrickBot code, running on that server while remaining undetected, must somehow gain administrative access, grab the Active Directory credentials from the AD database, and then it can execute its payload to grab user credentials.

Got it.

I'm not trying to minimize the threat, but TrickBot has been around since 2016. And certainly I am not trying to take anything away from Larry Abrams or his article. But the facts are, any network security administrator should already be on top of this.

Quote:
If TrickBot is able to gain administrative access to a domain controller, it will abuse this command to create a copy of the domain's Active Directory database and steal it.

That's a pretty big IF!

Really, what this article serves is another, but very important reminder and training opportunity to all administrators and users, to avoid being "click-happy" on unsolicited emails, attachments, popups, downloads and links. And for all computer admins (business and home/personal) to keep our operating systems and security software current.

And above all, avoid being "click-happy".
V.T. Eric Layton 6,665 Posted January 24, 2020 Author

2 minutes ago, Digerati said:
That's a pretty big IF!

And, unfortunately, this "big IF" does happen occasionally. And it only takes one time to ruin someone's day.
V.T. Eric Layton 6,665 Posted January 24, 2020 Author

3 minutes ago, Digerati said:
Really, what this article serves is another, but very important reminder and training opportunity to all administrators and users, to avoid being "click-happy" on unsolicited emails, attachments, popups, downloads and links. And for all computer admins (business and home/personal) to keep our operating systems and security software current. And above all, avoid being "click-happy".

Also, VERY true!