A targeted attack against Outlook Web Application (OWA) illustrates how far adversaries will go to establish persistent control over the organization’s entire network.
As seen in recent breaches, attackers typically use stolen credentials or malware to get a foothold on the network, then target the domain controller. Once attackers successfully compromise the domain controller, they can impersonate any user and move freely throughout the enterprise network. Since the OWA server, which provides companies with a Web interface for accessing Outlook and Microsoft Exchange, depends on the domain controller for authentication, whoever gains access to the OWA server automatically wins the domain credentials prize.
To read this article in full or to leave a comment, please click here