July 15, 2014

Cybersecurity Firm Identifies New Active Directory Flaw Potentially Compromising 95% of Fortune 1000 Companies

Aorato Releases New Research Report that Finds Weak Encryption Enables Attacker to Change Victim's Password without being Detected

TEL AVIV, Israel, July 15, 2014 /PRNewswire/ --

Today, cybersecurity firm Aorato released its report "Active Directory Vulnerability
Disclosure: Weak encryption enables Attacker to change a victim's password without being
logged", which identifies a new, threatening flaw within Active Directory that
enables attackers to change a victim's password despite current security and identity
theft protection measures. With 95% of Fortune 500 companies deploying Active Directory,
the potential for this particular vulnerability to cause harm and theft is high.

Once the attacker has leveraged this Active Directory flaw, the attacker can use the new
password to impersonate the victim and access various enterprise services and content
that require the explicit use of the victim's credentials, such as Remote Desktop Protocol
(RDP) Logon and Outlook Web Access (OWA). Unfortunately, despite current security
protocols, logged events miss the vital indication of an identity theft attack. The
attacker can perform this activity without it appearing in event logs, making log-based
SIEMs and Big Data Security Analytics useless against these kinds of advanced attacks.

"Millions of businesses are blindly trusting Active Directory as a foundation to their
overall IT infrastructure. The unfortunate truth is that this trust is naively misplaced,
leaving the vast majority of Fortune 500 enterprises and employees susceptible to a breach
of personal and company data," said Tal Be'ery, VP Research at Aorato. "Until enterprises
acknowledge the inherent risks associated with relying on Active Directory and build a
strategy to mitigate risks, we will continue to see attackers walking off with valuable
information undetected."

With no inherent solution to mitigate this flaw, Aorato recommends enterprises:

        - Detect authentication protocol anomalies
        - Identify the attack by correlating the abnormal use of encryption methods with
          the context in which the victim's identity is used
        - Apply measures to reduce the attack surface. Note that these measures only
          reduce the attack surface and do not eliminate it altogether or solve the root cause

To read more about this flaw, see: http://bit.ly/1oKibWD

To learn more about Aorato, please visit: http://www.aorato.com

About Aorato

Aorato protects organizations from advanced attacks. Recognizing Active Directory's
pivotal role in the network, Aorato's flagship product, DAF(TM), automatically learns the
behaviors of all entities engaging directly, or indirectly, with Active Directory. By
profiling the entities, DAF(TM) builds an interaction graph between all entities in order
to detect suspicious entity behavior in real time. Aorato is backed by strategic
investors, including Eric Schmidt (Innovation Endeavors), Accel Partners, and the founders
of Imperva and Trusteer.

        Idan Plotnik