Active Directory is Under Attack

Ransomware Survey Says… Active Directory is Under Attack and Needs Attention

CyberRisk Alliance (CRA) published a new report titled “State of Ransomware: Invest now or pay later.” The report highlights findings from a January 2022 research study on the continuing escalation of ransomware attacks and what organizations are doing about it. Most startling of all, the report indicates that 95% of attacks involve Windows Active Directory (AD), which serves as the primary identity solution for most organizations. Protecting AD must be a priority for today’s organizations—and the rest of the CRA report underscores the danger for those who neglect to do so. With Attivo Networks as a sponsor of the report, Carolyn Crandall, Chief Security Advocate, extracted and drilled down into the data specific to credential and AD risks. She found that:

Directory Services Face Significant Risk

Attackers have identified credential theft as a highly successful attack vector, whether by tricking employees into revealing their passwords via social engineering or compromising credentials stored on an endpoint.

The Vulnerability of Active Directory

The survey also found that Active Directory was involved in 95% of attacks, which is consistent with the statements Mandiant made in its Ransomware Preparedness Training. In that session, Mandiant pointed to exposures in Active Directory as the root cause of why ransomware criminals continue to be successful.

Comprehensive Protection Is Necessary

The most important thing for an organization to do is to understand the ransomware attack cycle and prevent Active Directory privileges from falling into attackers’ hands.

Attivo offers a portfolio of solutions for protecting Active Directory. These software licenses can often be purchased standalone or as part of an overall bundle.

  • ADAssessor for understanding Active Directory vulnerabilities and quickly detecting Indicators of Attack
  • ADSecure-EP for detecting unauthorized AD queries from an endpoint, hiding the real AD objects, and returning fake data to elicit the attacker’s TTPs and IoCs
  • ADSecure-DC for protecting domain controllers from attacks originating from Windows, Mac, Linux, IoT, and OT devices, adding deep packet inspection and behavior correlation of logs
  • ThreatPath for identifying and remediating at-risk stored administrator credentials, deactivated MFA, delegated administrators, and orphaned or duplicate credentials on the endpoint

These solutions provide a layered defense, making it far harder for an attacker to successfully leverage AD as part of an intrusion or ransomware attack.

Read the full article here or contact your local Exclusive Networks Account Manager to learn more about protecting your environment.