All Cyber Attacks Target
Cyber attacks always follow a similar pattern. After penetrating peripheral protection, they target the same infrastructure: Active Directory, which holds all access control rights.
There are many solutions designed to prevent or detect peripheral breaches. But if these solutions are defeated, a vulnerable Active Directory is an open highway for hackers to access confidential data, gain control of systems and disrupt operations.
The Core of Your
Over the years, Active Directory has become the cornerstone of corporate security. However, the importance of keeping it secure is usually underestimated. Regardless of how well Active Directory services are initially configured, they are constantly evolving systems and their security needs to be constantly updated for maximum protection.
Maintaining state-of-the-art security for Active Directory is challenging, both technically and process-wise.
What Happens When Active Directory
Active Directory is a gold mine for hackers. Through it, they can find all the information they need on the systems they want to penetrate: group membership, permissions, system versions, security policies etc.
Attackers have no need for administrative control of Active Directory. With just one regular account, they are able to gain access to adjacent resources, which is usually sufficient to obtain sensitive information.
Data Leak or Destruction
Active Directory manages access to all resources in the information system. Hackers who gain control over Active Directory can therefore read or tamper with any resource they want.
Enables Active Persistent Threats
Once they control Active Directory, hackers can discreetly assume control of the entire information system without being detected, accessing all the resources they want, whenever they choose.
Indicators of Exposure
Uncover Attack Vectors
Alsid defines and uses Indicators of Exposure (IoE) to detect breaches of Active Directory security as soon as they appear, in a standardized and consistent fashion.
Real Life Companies
That Were Compromised
They may not all make the news, but some of these attacks were extremely damaging.
Here are some recent examples of Active Directory-related intrusions.
On November 24, 2014, a hacker group which identified itself by the name "Guardians of Peace" (GOP) leaked confidential data from the Sony Pictures film studio. The data included personal information about Sony Pictures employees and their families, emails between employees, information about executive salaries at the company, copies of then-unreleased Sony films and other information. The perpetrators then employed several Active Directory-related attack techniques to compromise Sony's IT infrastructure.
The Democratic National Committee (DNC) cyber attacks took place in 2015 and 2016, during which computer hackers infiltrated the DNC's computer network and caused a data breach. Some cybersecurity experts, as well as the U.S. government, stated that the attack was successful thanks to the use of several Active Directory attack techniques.
French nuclear power group Areva was the target of a cyber attack in September 2011. According to sources, attackers used several Active Directory vulnerabilities to steal credentials of senior executives (passwords, secret keys, etc.) and stealthily access sensitive business and R&D material.
During the 2013 holiday period, Target announced a major data breach. At a time when more customers were in the store than any other time of year, cyber criminals gained access to the retailer's network and began siphoning credit card data off of the system. By using Active Directory backdooring techniques, hackers were able to gain access and stay undetected for almost a month.
Get in touch
Explore how Alsid can boost your organisation’s IT security and give you better peace of mind.