cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DCs Brute Force attack

Tomas_21
Copper Contributor

‎Aug 16 2021 05:30 AM - last edited on ‎Apr 08 2022 10:52 AM by

‎Aug 16 2021 05:30 AM - last edited on ‎Apr 08 2022 10:52 AM by

DCs Brute Force attack

Hi All. 

 

Thank you for having the time of reading my email. We are going through a Brute-Force attack directly to our DCs. The attackers have been able to access to 40 user accounts and they are trying with multiple passwords against out DCs. We are assuming that they must be on our network or through our VPN. Our tools are DEP, MCAS, AzureSentinel and we are not able to see the source IP. We can only see the Device ID and they are actually trying from different PCs and surprisingly these PCs have the same ID but the IPs are not displayed. I was wandering if any of you would have a suggestion on how to stop this attack. 

 

Thank you very much in advance for your help. 

Tomas Gonzales.  

Labels:
896 Views
0 Likes
1 Reply
Reply
1 Reply
TomWechsler

‎Aug 16 2021 07:46 AM

‎Aug 16 2021 07:46 AM

Re: DCs Brute Force attack

In the first place, I would try to determine how and where the attacks are coming from. Especially how the attackers got into your network. As long as this is not known, it makes no sense to try to stop the attack, because the attack can be started again at any time. Start insolating the client systems and try to clean them up. For example, use a boot CD to perform the scan independently of the operating system.
There are so many steps that need to be taken, unfortunately it is not possible to list everything here. Good luck!
0 Likes
Reply