Dive Brief:
- Half of large companies have been the subject of a cyberattack on Active Directory (AD) services in the last one to two years, a report from Enterprise Management Associates on behalf of Attivo Networks and Tenable found. In 42% of those attempts, the attacks were successful, according to the survey of 250 IT professionals and executives from organizations with at least 1,000 employees.
- The majority (86%) of companies plan to either slightly or significantly increase spending to secure AD environments. Reasons cited for the spending increase include the higher prevalence of AD attacks, the increase in work from home, the expanded use of cloud IT and the increased prevalence of ransomware.
- "The issue with AD is that it is so extensive that most customers do not have the in-depth knowledge to identify and fix every exposed setting or parameter," Carolyn Crandall, chief security advocate and CMO at Attivo Networks, said. "It's not just a matter of patching or incorrect configurations since there are references on hardening and configuring AD."
Dive Insight:
Attacks on AD have been a serious problem over the past year. AD attacks played a considerable role in the SolarWinds campaign and, most recently, in attacks involving LockBit 2.0 ransomware.
During the SolarWinds campaign, the state-sponsored threat actor used a technique known as Golden SAML, which abuses the Security Assertion Markup Language (SAML), to create fake user credentials, bypass two-factor authentication and move laterally within a corporate network. Once they had gained elevated access privileges, the attackers exfiltrated data from the organization's computer network.
Attackers often use open source and freely available tools like BloodHound and Mimikatz to attack AD. BloodHound helps attackers find the shortest path to privileged access through AD, and Mimikatz helps them steal passwords during attacks.
AD is leveraged by more than 90% of organizations as the backbone of their identity management system, Gartner researchers estimated in a September 2020 study. Most companies, however, have difficulty with several aspects of using AD, including privileged access, identity governance and strong user authentication.
"AD is not a vulnerable solution by itself and it can be tuned and protected, however, default AD configuration leaves it vulnerable to what would be considered by most security experts as a common attack," said Mickey Bresman, co-founder and CEO of Semperis.
Companies can use several techniques to protect AD, including reducing the use of privileged accounts, using jump boxes and following Security Technical Implementation Guides (STIGs), Crandall said.