Shedding light on the threat posed by shadow admins (Security News, April 2021)
Shadow admins pose a threat to organizations because these accounts have privileged access to perform limited administrative functions on Active Directory objects.
Threat actors seek shadow admin accounts because of their privilege and the stealthiness they can bestow upon attackers.
Crucially, shadow admins are accounts that are not members of a privileged AD group.
The native way to identify shadow admin accounts is to conduct an exhaustive audit of all ACL entries within AD. This process takes time and is also inefficient: because it is manual, there is an inevitable chance of overlooking these dangerous accounts.
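The logic of such an ACL audit, as an added example that is not part of the original article: it flags principals that hold admin-equivalent rights on AD objects without belonging to a privileged group. The group names, the set of rights treated as risky, and every ACE record are assumptions constructed for the illustration.

```python
# Added example: flag shadow admin candidates from an exported ACL listing.
from collections import defaultdict

# Assumption: rights treated as admin-equivalent for this audit.
RISKY_RIGHTS = {"GenericAll", "GenericWrite", "WriteDacl", "WriteOwner", "ExtendedRight"}
# Assumption: groups whose members are expected to hold such rights.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
# Constructed membership: group -> direct members (users or nested groups).
MEMBERS = {
    "Domain Admins": {"alice", "Tier0 Ops"},
    "Tier0 Ops": {"bob"},
    "Helpdesk": {"carol", "dave"},
}
# Constructed ACEs: (object DN, trustee, access type, rights).
ACES = [
    ("CN=AdminSDHolder,CN=System,DC=corp,DC=example", "alice", "Allow", {"GenericAll"}),
    ("DC=corp,DC=example", "bob", "Allow", {"WriteDacl"}),
    ("OU=Servers,DC=corp,DC=example", "Helpdesk", "Allow", {"GenericWrite"}),
    ("CN=svc-backup,OU=Svc,DC=corp,DC=example", "erin", "Allow", {"ExtendedRight", "ReadProperty"}),
    ("OU=Servers,DC=corp,DC=example", "frank", "Deny", {"GenericAll"}),
    ("OU=Staff,DC=corp,DC=example", "dave", "Allow", {"ReadProperty"}),
]

def expand(group, members, seen=None):
    """Return all user principals in a group, following nesting (cycle-safe)."""
    seen = set() if seen is None else seen
    if group in seen:
        return set()
    seen.add(group)
    users = set()
    for m in members.get(group, ()):
        users |= expand(m, members, seen) if m in members else {m}
    return users

def find_shadow_admins(aces, members, privileged_groups):
    """Map each non-privileged principal to the risky rights it holds, per object."""
    privileged = set()
    for g in privileged_groups:
        privileged |= expand(g, members)
    findings = defaultdict(list)
    for dn, trustee, access, rights in aces:
        risky = rights & RISKY_RIGHTS
        if access != "Allow" or not risky:
            continue
        # A group trustee exposes every member, so expand it to users.
        holders = expand(trustee, members) if trustee in members else {trustee}
        for user in holders - privileged:
            findings[user].append((dn, sorted(risky)))
    return dict(findings)
```

In a real directory, an `ExtendedRight` ACE would also need its object-type GUID checked to see which extended right it grants, and inherited ACEs must be included in the export.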
The security community is now seeing the advent of innovations that can identify shadow admin accounts at the AD controller level as excess privilege exposures.
Forward-looking organizations could also take advantage of the fact that shadow admins are attractive to adversaries by using fake accounts to detect adversaries and redirect them to decoys.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/p1PMDy25qVQ/