Regardless of the original access vector used by a threat actor, Microsoft Active Directory (AD) remains a prominent target in an organisation due to its relationship to privilege and access. In the majority of cyber intrusions assessed by iConnect’s incident responders, the threat actor compromised AD Domain Administrator credentials. Had the threat actors not obtained that access, network defenders might have halted the attacks or forced the threat actors to work harder to achieve their goals. According to iConnect’s incident responders, companies should apply least-privilege access to all AD accounts before considering additional security measures to help AD stop or withstand a significant attack.
Because of the proliferation of Windows computers and the reliance of many companies on AD, it is an attractive target. Attackers must first breach an organisation’s network perimeter in order to get access to AD. In 88% of the intrusions investigated by iConnect’s incident responders in 2021, threat actors breached environments in one of three ways:
Attackers targeting AD quickly seek to escalate privileges to Domain Administrator after gaining a foothold in an environment. Most of the time, this process is simple and quick. The attacker then uses the elevated access to move through the network, looking for assets, stealing data, deploying ransomware, and installing persistence mechanisms.
Because securing AD during an attack is difficult, companies should take proactive steps to improve and secure their AD. Network defenders must construct as many barriers as feasible while also improving their awareness of their own AD deployment. They must also be aware of security gaps, threats, and opportunities for improvement.
Investing in AD and its accompanying controls can improve resilience in the face of cyber attacks. Putting up as many barriers as possible slows, and may deter, a threat actor exploring your network, reducing the impact of an initial foothold.
iConnect provides a variety of proactive Incident Response services to assist clients in avoiding, detecting, and responding to threats. If you want immediate assistance with an issue, emergency response is available.