Active Directory Security Experts

All Cyber Attacks Target Active Directory

Cyber attacks tend to follow a similar pattern. After penetrating the perimeter defences, they target the same infrastructure: Active Directory, which holds all access control rights.

There are many solutions designed to prevent or detect perimeter breaches. But once these solutions are defeated, a vulnerable Active Directory is an open highway for attackers to access confidential data, gain control of systems and disrupt operations.

Active Directory: The Core of Your Cyber Security

Over the years, Active Directory has become the cornerstone of corporate security. However, the importance of keeping it secure is usually underestimated. Regardless of how well Active Directory services are initially configured, they are constantly evolving systems, and their security needs to be continuously reviewed and updated to maintain protection.

Maintaining state-of-the-art security for Active Directory is challenging, both on the technical side and on the process side.

What Happens When Active Directory Is Compromised

Asset Recognition

Active Directory is a gold mine for attackers. Through it, they can find all the information they need about the systems they want to penetrate: group membership, permissions, system versions, security policies, etc.

Lateral Movement

Attackers do not need administrative control of Active Directory. With just one regular account, they can reach adjacent resources, which is usually enough to obtain sensitive information.

Data Leak or Destruction

Active Directory manages access to every resource in the information system. Attackers who gain control over Active Directory can therefore read or tamper with any resource they want.

Enables Advanced Persistent Threats

Once they control Active Directory, attackers can discreetly assume control of the entire information system without being detected, accessing any resource they want, whenever they choose.

Indicators of Exposure

Uncover Attack Vectors

Alsid defines and uses Indicators of Exposure (IoE) to detect weaknesses in Active Directory security as soon as they appear, in a standardized and consistent fashion. The indicators cover three families of exposure:

Privilege escalation attack vectors
Backdooring and persistence techniques
Dangerous security model design

Real-Life Companies That Were Compromised

They may not all have made the news, but some of these attacks were extremely damaging. Here are some recent examples of Active Directory-related intrusions.

Sony Pictures

On November 24, 2014, a hacker group identifying itself as the "Guardians of Peace" (GOP) leaked confidential data from the Sony Pictures film studio. The data included personal information about Sony Pictures employees and their families, emails between employees, information about executive salaries at the company, copies of then-unreleased Sony films and other information. The perpetrators employed several Active Directory-related attack techniques to compromise Sony's IT infrastructure.

Sector: Entertainment

US National Democratic Party

The Democratic National Committee (DNC) cyber attacks took place in 2015 and 2016, during which hackers infiltrated the DNC's computer network and caused a data breach. Some cybersecurity experts, as well as the U.S. government, stated that the attack succeeded thanks to the use of several Active Directory attack techniques.

Sector: Politics

Orano, formerly Areva

French nuclear power group Areva was the target of a cyber attack in September 2011. According to sources, the attackers used several Active Directory vulnerabilities to steal the credentials of senior executives (passwords, secret keys, etc.) and stealthily access sensitive business and R&D material.

Sector: Manufacturing

Target

During the 2013 holiday period, Target announced a major data breach. At the time of year when the most customers were in its stores, cyber criminals gained access to the retailer's network and began siphoning credit card data off the system. By using Active Directory backdooring techniques, the attackers were able to retain access and stay undetected for almost a month.

Sector: Retail

Get In Touch

Explore how Alsid can boost your organisation’s IT security and give you better peace of mind.