In the Hacker's Crosshairs: Active Directory
2021-01-27 15:22

Domain controllers, Active Directory, and servers are prime reconnaissance targets to hunt for additional privileged credentials and privileged access.

90 percent of organizations use Active Directory as their primary store for employee authentication, identity management, and access control in their on-premises environments.

This is typically done by using tools such as BloodHound, an open-source application used for analyzing the security of Active Directory domains and identifying avenues for escalating access entitlements.

Creating a solid perimeter and investing in a well-built security team is still important, but organizations need to adjust their security strategies to match modern threats and focus on identity and credentials.

In the context of threat actors exploiting AD to extend their reach into their victim's network, security practitioners should establish security controls to monitor for and prevent unsanctioned changes within AD itself.

Since AD and similar directory services such as IBM Red Hat Directory Server, Apache Directory, and OpenLDAP are prime targets for cyber-attackers trying to steal credentials and deploy ransomware across the network, protecting and monitoring changes to these identity and access management systems should be a priority.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/JDk3Diz5oMk/hackers-crosshairs-active-directory