In the Hacker's Crosshairs: Active Directory

Organizations Need to Adjust Their Security Strategies to Match Modern Threats 


The easiest way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even worse if the stolen identity belongs to a privileged user, whose broader access hands the intruder “the keys to the kingdom”. By leveraging a “trusted” identity, a hacker can operate undetected and exfiltrate sensitive data sets without raising any red flags. As a result, it’s not surprising that most of today’s cyber-attacks (e.g., the CryptoForHealth Twitter hack) are front-ended by phishing campaigns. In fact, nearly one third of all breaches in the past year involved phishing, according to the 2020 Verizon Data Breach Investigations Report. Once inside the target environment, hackers perform reconnaissance to identify regular IT schedules, security measures, and network traffic flows, and they scan the entire IT environment to gain an accurate picture of the network resources, privileged accounts, and services. Domain controllers, Active Directory, and servers are prime reconnaissance targets in the hunt for additional privileged credentials and privileged access.


The Keeper of the Crown Jewels: Active Directory


90 percent of organizations use Active Directory (AD) as their primary store for employee authentication, identity management, and access control in their on-premises environments. However, even for those organizations that have moved their workloads to the cloud, it’s important to understand that cloud identities still depend upon the integrity of on-premises AD, as it is often used as a source to sync to other identity stores. Therefore, an AD compromise can cause a devastating ripple effect across an organization’s identity infrastructure. For example, modificati ..
