New guidance on detecting and mitigating AD compromises released
The Australian Cyber Security Centre (ACSC) has released new guidance titled Detecting and mitigating Active Directory compromises. The guidance aims to provide strategies to help organisations mitigate the 17 most prevalent techniques used by malicious cyber actors to target Active Directory and gain access to their networks.
Detecting and mitigating Active Directory compromises builds on recent updates to the Information Security Manual (ISM) and includes a checklist with Active Directory security controls for organisations.
Microsoft’s Active Directory is the most widely used authentication and authorisation solution in enterprise information technology (IT) networks globally. This makes it a valuable target for malicious cyber actors and it is routinely targeted as part of attacks on enterprise IT networks.
Active Directory is susceptible to compromise due to its permissive default settings, its complex relationships and permissions, support for legacy protocols, and lack of tooling for diagnosing Active Directory security issues. These issues are commonly exploited by malicious actors to compromise Active Directory. Its susceptibility to compromise is, in part, because every user in Active Directory has sufficient permission to enable them to both identify and exploit weaknesses. These permissions make Active Directory’s attack surface exceptionally large and difficult to defend against attack.
Gaining control over Active Directory gives malicious cyber actors privileged access to all systems and users that Active Directory manages. With this privileged access, they can bypass other controls and access systems at will, including email and file servers, critical business applications, and extended cloud-based systems and services.
They may persist for months or even years inside Active Directory. Evicting them can require drastic action, ranging from resetting all users’ passwords to rebuilding Active Directory itself. Responding to and recovering from a compromise is often time consuming, costly and disruptive.
Defending against malicious cyber actors requires a combination of prevention and detection mitigation strategies. Organisations need to prevent as many Active Directory attacks as possible, while at the same time detecting them when those attacks occur.
The full advisory can be read here.
Australian Cyber Network officially launched
The Australian Cyber Network (ACN) has been established to address the current and future needs...
ATO will rename myGovID to myID in November
The Australian Government's Digital ID app, myGovID, is being renamed in November 2024.
Tenable launches security suite for secure agencies
The new Tenable Enclave Security solution is designed to help organisations operating in highly...