One Domain Controller
Once on the corporate network with legitimate account credentials, attackers can attempt to access other systems. The attackers gained access to a domain controller containing the database of hashed passwords of every Times employee, according to the report. Security experts warn that companies should not only hash, but instead add the additional salting protection, making password cracking more difficult. Poor password management policies often make it easy for cybercriminals to crack hashed and even salted passwords. Common passwords seen repeatedly by penetration testers are either easily guessable or a dictionary word that can be cracked with an automated tool.