COI Report – Part VII
Page 369 of 425
Since it’s a root access, he/she can turnoff, disable, bypass any additional security measure that might be put in place to prevent he/she accessing other resources. Add new account into Domain Admin group and use those new accounts permanently without being detected (unless domain admin list is constantly being reviewed)
1073. IHiS was made aware of these risks by May 2017, when the FY GIA Audit Report was released. This was more than a year before the Cyber Attack. Nonetheless, these weaknesses were not adequately addressed, and the evidence points strongly to compromised domain controllers having played a key role in the Cyber Attack. Further, domain administrator accounts, like the DA. account, had been compromised during the Cyber Attack.
45.1 The operating system for domain controllers must be more
regularly updated to harden these servers against the risk of
cyber attack.
1074. Ideally, the operating system (“OS”) for all servers should be kept up to date. However, it is accepted that this may not be feasible given the sheer number of servers involved. Nonetheless, priority must be given to domain controllers when rolling out OS upgrades. Domain controllers play a critical role in a Windows network as they are the servers that function as a detailed map of the network and set the basic rules that determine which users are allowed access to which systems.
1075. The use of older OSes means that vulnerabilities that have been addressed in newer versions of the OS can still be exploited. Vivek testified that in general, newer versions of an OS are more secure than older versions, as they benefit from developments insecure coding practices. In today’s IT world, ignoring the security risks inherent in outdated server infrastructure and operating systems is tantamount to disregarding the obvious. Failure to upgrade weakens the ability to respond to the changing cyber threat landscape, and results in the inability to
|
