Cybercrime has grown to become a $1.5 trillion USD industry, with high profile attacks on businesses and governments making headlines almost every week. One of the most common ways that hackers succeed at compromising businesses is by exploiting weaknesses in Active Directory. Factories have been shut down, aeroplanes grounded, and corporations bankrupted in the aftermath of Active Directory-based attacks.
What is Active Directory?
Active Directory is the foundation on which most enterprise IT infrastructure is built; it is a directory service that is used to manage users, computers and other devices connected to your network. It can be used to set up and manage user groups, to assign and enforce security policies for computers and servers, and to install or update software. This incredible power makes Active Directory a high priority target for hackers. If successfully exploited, they can undermine the security posture of your organisation’s IT infrastructure, with dramatic consequences. Hackers exploit vulnerabilities in Active Directory in order to move laterally until access rights can be inherited or impersonated to gain access to your ‘crown jewels’.
Impact of Active Directory attacks
Brand damage and loss of customer trust are some of the most devastating effects of cybercrime. Sony Pictures Entertainment was breached in 2014 when hackers were able to leak confidential data of employees and their families, internal emails, executive salaries, copies of unreleased films and plans for future films. The hackers then employed malware to erase parts of Sony’s computer infrastructure. In the same year, cybercriminals were able to steal 40 million credit card numbers from Target. After news of the hack, sales fell at an astonishing rate with numerous outlets across the U.S closing as a result.
The destruction left behind after an Active Directory attack is often the worst part. IT remediation costs can be extreme, especially in cases where the Active Directory environment has been completely compromised. Rebuilding Active Directory after a compromise is a painful and expensive process, which stops employees from working and your business from operating. Insider threats can also cause significant damages to an organisation, with 'excessive access privileges' being one of the most common Active Directory vulnerabilities.
Best practices to improve your Active Directory security
The threat landscape is evolving at a rapid pace; it is not enough to simply implement security solutions and let them run blindly in the background. Active Directory events need to be analysed against a threat intelligence feed to ensure issues are flagged as they occur and brought to the attention of a dedicated IT security team. To achieve this, you will need to make use of specialised technologies that combine Active Directory focused intelligence feeds and local event logging.
The Missing Link has partnered with Alsid, who offer organisations efficient and effective solutions to detect the latest Active Directory-based threats and cyber-attacks. Together, we will help you create a strong security baseline in your environment, monitor the security status of your Active Directory environment in real-time, and detect security breaches before hackers have a chance to move laterally or escalate privileges. In the event of an attack, we can also provide guidance to prevent and remediate threats in real-time, rather than waiting until after the damage is done to begin triage.
