BAD ACTIVE DIRECTORY SECURITY HYGIENE:

The CISO

Why Bad Actors Are Owning Active Directory

It is clear that every organization is a potential target for a cyber attack. Small businesses are going out of business due to ransomware attacks encrypting data that the company can’t afford to pay to decrypt. Huge enterprises are being breached as if they had no security in place, causing downtime, ransom payments, and loss of credibility in the market. Multi-faceted breaches are occurring due to service and application weaknesses, which can be duplicated on every installation of the software.

Microsoft Active Directory At The Core

At the core of these attacks is Microsoft Active Directory. SolarWinds, Ryuk, XingLocker, Conti, Lapsus$, Quantum, Agenda… plus so many more… exploit Active Directory weaknesses, misconfigurations, and vulnerabilities to obtain enterprise privileges. From this destruction there are two main questions that must be asked regarding the security of AD:

The answer to the first is from my own experience. I have never seen an AD infrastructure that couldn’t be breached in minutes or hours. Even the default installation of AD has numerous exploits.

The answer to the second is yes. However, this requires time, knowledge, and persistence. Audits, pentests, assessments, scans, etc. are not enough. Instead, the solution requires that the existing structure be evaluated and every potential issue be resolved. From there, the secured AD environment must be kept secure, in real time and constantly, to ensure that no security drift occurs, which could lead to an exploit.
