All Cyber Attacks Target
Cyber attacks follow a similar pattern. After breaching the perimeter defences, they target the same infrastructure: Active Directory, which holds all the access control rights for the domain.
There are many solutions designed to prevent or detect perimeter breaches. But once those solutions are defeated, a vulnerable Active Directory is an open highway for hackers to reach confidential data, take control of systems and disrupt operations.
The Core of Your
Over the years, Active Directory has become the cornerstone of corporate security, yet the importance of keeping it secure is usually underestimated. However well Active Directory is initially configured, it is a constantly evolving system, and its security must be reviewed and updated continuously to stay protected.
Maintaining state-of-the-art security for Active Directory is challenging, both technically and in terms of process.
What Happens When Active Directory
Hackers seek access to the latest commercial proposal for a multi-million-dollar deal. By enumerating Active Directory, which any authenticated domain user can read by default, they can identify who is working on the deal, which system stores the documents, and which member of the team has the most vulnerable computer (an old OS version or a weak security policy).
After compromising a user's device in the Accounts Payable department, a hacker can move laterally to the systems used by the Payroll and Corporate Controlling departments. Worst of all, this lateral move is not even a breach: it is just normal Active Directory behaviour, an authentication with legitimate credentials over the same protocols administrators use every day, so it produces the same logon events as routine activity.
Once Active Directory has been compromised, a hacker can bypass all other security mechanisms to identify and access the CEO's mailbox. From there, they can connect to the customer database and exfiltrate confidential information before erasing records and backups.
Once they have compromised Active Directory, hackers can erase any artefacts they have left on devices. This hides them from security teams and lets them remain digitally invisible for months while they steal corporate assets.
Indicators of Exposure
Alsid defines and uses Indicators of Exposure (IoE) to detect weaknesses in Active Directory security as soon as they appear, in a standardised and repeatable fashion.
Dangerous security model design
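The kind of check an Indicator of Exposure encodes can be illustrated with a short audit script. The PowerShell below is an added example written for this page; it is not Alsid's IoE engine, and the indicator names, the thresholds (90 days for a stale privileged account, 180 days for the krbtgt key) and the list of privileged groups are assumptions chosen for illustration. It assumes the RSAT ActiveDirectory module and a domain account that can read the directory; no elevated rights are needed because it only reads.

```powershell
# Added example, not Alsid's tooling: a read-only audit that flags a handful of
# well-known Active Directory exposures. Assumes the RSAT ActiveDirectory module
# and a domain account that can read the directory. Thresholds are assumptions.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding {
    param([string]$Indicator, [string]$Object, [string]$Detail)
    $findings.Add([pscustomobject]@{ Indicator = $Indicator; Object = $Object; Detail = $Detail })
}

# LDAP matching rule 1.2.840.113556.1.4.803 tests a single bit of userAccountControl.
$uacBit = '(userAccountControl:1.2.840.113556.1.4.803:={0})'

# 1. Kerberos pre-authentication disabled (0x400000): the KDC returns an AS-REP to
#    anyone who asks for it, and its encrypted part can be cracked offline.
Get-ADUser -LDAPFilter ($uacBit -f 4194304) |
    ForEach-Object { Add-Finding 'NoKerberosPreAuth' $_.SamAccountName 'AS-REP roastable' }

# 2. Password not required (0x20): the account is allowed to have an empty password.
Get-ADUser -LDAPFilter ($uacBit -f 32) |
    ForEach-Object { Add-Finding 'PasswordNotRequired' $_.SamAccountName 'empty password allowed' }

# 3. Privileged accounts that are stale, never rotate their password, or carry an SPN
#    (any domain user can request a service ticket for them and crack it offline).
$privilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins'   # extend with your own tier-0 groups
$staleCutoff = (Get-Date).AddDays(-90)
foreach ($group in $privilegedGroups) {
    Get-ADGroupMember -Identity $group -Recursive -ErrorAction SilentlyContinue |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties LastLogonDate, PasswordNeverExpires, ServicePrincipalName |
        ForEach-Object {
            if ($_.Enabled -and $_.LastLogonDate -and $_.LastLogonDate -lt $staleCutoff) {
                Add-Finding 'StalePrivilegedAccount' $_.SamAccountName "$group; last logon $($_.LastLogonDate)"
            }
            if ($_.PasswordNeverExpires) {
                Add-Finding 'PrivilegedPasswordNeverExpires' $_.SamAccountName $group
            }
            if ($_.ServicePrincipalName.Count -gt 0) {
                Add-Finding 'PrivilegedAccountWithSPN' $_.SamAccountName "$group; Kerberoastable"
            }
        }
}

# 4. Unconstrained delegation (0x80000) on anything that is not a domain controller:
#    such a host caches the TGT of every principal that authenticates to it.
$dcNames = (Get-ADDomainController -Filter *).Name
Get-ADComputer -LDAPFilter ($uacBit -f 524288) |
    Where-Object { $dcNames -notcontains $_.Name } |
    ForEach-Object { Add-Finding 'UnconstrainedDelegation' $_.Name 'non-DC host caches TGTs' }

# 5. ms-DS-MachineAccountQuota: with the default of 10, any domain user can create
#    computer accounts, a building block for resource-based delegation abuse.
$quota = (Get-ADObject -Identity $domain.DistinguishedName -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'
if ($quota -gt 0) {
    Add-Finding 'MachineAccountQuota' $domain.DNSRoot "any user may join $quota computers"
}

# 6. krbtgt password age: an old krbtgt key keeps forged (golden) tickets valid.
$krbtgt = Get-ADUser -Identity krbtgt -Properties PasswordLastSet
if ($krbtgt.PasswordLastSet -lt (Get-Date).AddDays(-180)) {
    Add-Finding 'OldKrbtgtPassword' 'krbtgt' "last set $($krbtgt.PasswordLastSet)"
}

$findings | Sort-Object Indicator, Object | Format-Table -AutoSize
```

Run it from a domain-joined management host. Each finding maps to a documented attack path (AS-REP roasting, Kerberoasting, unconstrained delegation, resource-based constrained delegation, golden tickets), and because the script only reads the directory it can be scheduled to catch regressions as the environment changes. Six indicators is a deliberately small subset; a real exposure check set is much larger.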
Real-Life Companies That Were Compromised
They may not all make the news, but some of these attacks were extremely damaging.
Here are some recent examples of Active Directory-related intrusions.
On November 24, 2014, a hacker group calling itself the "Guardians of Peace" (GOP) leaked confidential data from the Sony Pictures film studio. The data included personal information about Sony Pictures employees and their families, emails between employees, information about executive salaries at the company, copies of then-unreleased Sony films and other material. To compromise Sony's IT infrastructure, the perpetrators had employed several Active Directory-related attack techniques.
The Democratic National Committee (DNC) cyber attacks took place in 2015 and 2016, during which computer hackers infiltrated the DNC's computer network and caused a data breach. Some cybersecurity experts, as well as the U.S. government, stated that the attack was successful thanks to the use of several Active Directory attack techniques.
French nuclear power group Areva was the target of a cyber attack in September 2011. According to sources, attackers used several Active Directory vulnerabilities to steal credentials of senior executives (passwords, secret keys, etc.) and stealthily access sensitive business and R&D material.
During the 2013 holiday period, Target announced a major data breach. At a time when more customers were in its stores than at any other time of year, cyber criminals gained access to the retailer's network and began siphoning credit card data off its systems. By using Active Directory backdooring techniques, the hackers were able to keep their access and stay undetected for almost a month.
Get In Touch
Explore how Alsid can boost your organisation’s IT security and give you better peace of mind.