Five Eyes Agencies Put Focus on Active Directory Threats - Security Boulevard

Cybersecurity agencies in the United States and other countries are urging organizations to harden the security around Microsoft’s Active Directory (AD) solution, which has become a prime target of hackers looking to compromise enterprise networks. Semperis last year wrote about protecting Active Directory from Kerberoasting, a technique used by threat groups to exploit the Kerberos authentication protocol to extract service account credentials.

CISA and the FBI joined with counterparts from Canada, the UK, Australia, and New Zealand in issuing a recent report that detailed more than a dozen techniques that threat actors use when targeting Active Directory and steps organizations can take to protect against them. The Five Eyes agencies noted a range of compromise techniques hackers use, from password spraying (a brute-force attack using a list of common passwords) to compromising Group Policy Preferences passwords or AD Certificate Servers and creating golden certificates, a persistence tactic. The agencies – which make up the Five Eyes intelligence alliance – noted that Active Directory is the most widely used authentication and authorization tool in enterprise networks.

“Active Directory is susceptible to compromise due to its permissive default settings, its complex relationships, and permissions; support for legacy protocols and a lack of tooling for diagnosing Active Directory security issues.” Every AD user has enough permission within Active Directory to enable them to both identify and exploit its weaknesses, creating an attack surface that is both large and difficult to defend, according to the report. Through this persistence, they can remotely log into organizations, bypass multi-factor authentication (MFA) controls, and remain undetected in Active Directory for months or years. “These services provide multiple authentication options, including smart card logon, as well as single sign-on with on-premises and cloud-based services,” the agencies wrote.

They also noted that there are multiple services within AD, including Active Directory Domain Services (AD DS), Active Directory Federation Services (AD FS), and Active Directory Certificate Services (AD CS). “It is often these hidden relationships, which are overlooked by organisations, that malicious actors exploit, sometimes in trivial ways, to gain complete control over an organisation’s enterprise IT network,” they wrote. “This allows users to access cloud-based systems and services,” the agencies wrote.

They pointed to commercial and open source tools enterprises can use to protect AD, including BloodHound for identifying misconfigurations and other weaknesses that can be exploited, Netwrix PingCastle, which creates an AD security report, and Purple Knight, which similarly provides security information about an AD environment. Active Directory has long been known as a popular target of threat groups.

“The benefit of this technique is that it does not rely on correlating event logs, providing a strong indication a compromise has happened,” the agencies wrote. Bad actors that get control of an enterprise’s AD can gain privileged access to all systems and users that the tool manages, giving them multiple avenues for running their attacks. “Notably, this technique does not rely on detecting the tooling used by malicious actors (like some other detection techniques do), but instead detects the compromise itself.” There are other ways hackers can leverage AD to compromise organizations, including establishing persistence in their IT systems. Getting them out of it can be costly and time-consuming, possibly requiring such actions as resetting all users’ passwords or rebuilding Active Directory.

This Cyber News was published on securityboulevard.com. Publication date: Tue, 01 Oct 2024 12:43:05 +0000

