
UNPATCHED VULNERABILITIES AND MISCONFIGURATIONS TARGETING AD PRIVILEGE ESCALATION ATTACKS IN AD

DOMAIN DOMINANCE: EXECUTION OF THE ATTACK BY THE RANSOMWARE ONCE THE ATTACK PATH IS DISCOVERED

The scope and scale of privilege exploitation attacks in AD environments continue to increase. A 2018 Forrester report says that privileged access abuse is involved in 80% of all security breaches. Attackers with access to ordinary user accounts will move laterally in the network with the goal of elevating to a highly privileged account, such as a domain admin account. The challenge for enterprises is to detect whether privileged access has been granted to a non-privileged user, because that may indicate an attack.

Additionally, attack paths can be created in AD by stringing together abusable privileges and actions. This could enable an attacker who compromises a single ordinary user account to gain administrative privileges or even take complete control of the IT environment.

For instance, the recent privilege escalation vulnerability in AD, CVE-2022-26923, allows attackers who have gained access to standard user accounts to impersonate domain administrators and take complete control of the domain. If the attack is successful, enterprises could find themselves in the undesirable position of having to clean and rebuild their entire AD environment. It is crucial to detect and eliminate privilege escalation vulnerabilities to prevent complete AD control.
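One way to approach the detection challenge described above (spotting privileged access granted to a non-privileged user), as an added example that is not from the original article: the sketch below scans exported Windows Security group-membership events (4728/4732/4756 for additions, 4729/4733/4757 for removals) and flags accounts outside an approved baseline that were added to well-known privileged groups. The record layout, domain SID, account names and baseline are constructed assumptions.

```python
ADD_IDS = {4728, 4732, 4756}      # member added: global, local, universal group
REMOVE_IDS = {4729, 4733, 4757}   # member removed: global, local, universal group
# Well-known privileged groups, matched by SID so a renamed group is still caught.
PRIV_RIDS = {"512": "Domain Admins", "518": "Schema Admins", "519": "Enterprise Admins"}
BUILTIN_ADMINS = "S-1-5-32-544"

def privileged_group(target_sid):
    """Return the well-known group name for a SID, or None if it is not privileged."""
    if target_sid == BUILTIN_ADMINS:
        return "Administrators"
    if target_sid.startswith("S-1-5-21-"):
        return PRIV_RIDS.get(target_sid.rsplit("-", 1)[1])
    return None

def find_unexpected_grants(events, approved_sids):
    """Flag accounts outside the approved baseline that were added to privileged groups."""
    findings = {}
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        group = privileged_group(ev["TargetSid"])
        if group is None or ev["MemberSid"] in approved_sids:
            continue
        key = (ev["TargetSid"], ev["MemberSid"])
        if ev["EventID"] in ADD_IDS:
            findings[key] = {"group": group, "member": ev["MemberName"],
                             "added_by": ev["SubjectUserName"],
                             "added_at": ev["TimeCreated"], "still_member": True}
        elif ev["EventID"] in REMOVE_IDS and key in findings:
            # Keep the finding: a grant that was reverted still needs review.
            findings[key]["still_member"] = False
    return list(findings.values())

# Constructed sample data: domain SID, accounts and timestamps are made up.
DOM = "S-1-5-21-1111111111-2222222222-3333333333"
def _ev(eid, target, rid, name, by, ts):
    return {"EventID": eid, "TargetSid": target, "MemberSid": f"{DOM}-{rid}",
            "MemberName": f"CN={name},CN=Users,DC=example,DC=test",
            "SubjectUserName": by, "TimeCreated": ts}

SAMPLE_EVENTS = [
    _ev(4728, f"{DOM}-512", 1105, "jdoe", "helpdesk01", "2024-01-10T09:15:00Z"),
    _ev(4728, f"{DOM}-512", 1001, "adm-alice", "adm-bob", "2024-01-10T09:30:00Z"),
    _ev(4732, BUILTIN_ADMINS, 1190, "svc-backup", "jdoe", "2024-01-10T10:00:00Z"),
    _ev(4733, BUILTIN_ADMINS, 1190, "svc-backup", "jdoe", "2024-01-10T10:05:00Z"),
    _ev(4728, f"{DOM}-1650", 1105, "jdoe", "helpdesk01", "2024-01-10T11:00:00Z"),
]
APPROVED = {f"{DOM}-1001"}  # constructed baseline of sanctioned admin accounts

if __name__ == "__main__":
    for f in find_unexpected_grants(SAMPLE_EVENTS, APPROVED):
        print(f)
```

A grant that was added and then removed is still reported, with `still_member` set to false, because a short-lived elevation is itself worth reviewing.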
