Poor Visibility, Weak Passwords Compromise Active Directory

Published: 22/11/2024   Category: security




Security experts highlight the biggest problems they see putting Microsoft Active Directory at risk.



Every company has different security challenges. One common hurdle is securing Active Directory, which remains a critical issue because it's used to store increasing amounts of data. Businesses face a major risk in granting access to too many people without knowing who is safe.
Active Directory was put in decades ago, and many companies, especially large ones, have had it a long time, says Skyport Systems CEO Art Gilliland. Most companies don't have a handle on what Active Directory looks like or how many people in the organization can administer it.
One of the biggest problems is a lack of visibility into the amount of people and systems with administrative rights, he continues. Admins, and sometimes systems, have access to keys and codes, and the ability to disable or enable controls as they wish.
Skyport researchers learned last year that many businesses overly expose AD admin credentials and consequently expose themselves to security breaches. More than 90% of organizations use AD to control policies for users and services, and they need to better secure their infrastructure. More than half let admins use the same account to configure AD and multiple other services.
Older programs make it tough to control security. Bad guys use legacy programs to gain access and elevate privileges, and that's when the real damage and breaches begin, Gilliland says. Attackers rarely target Active Directory first; they look for other ways to get in, then access the AD system.
It's usually a vulnerability in some application, he adds. It typically starts simply, with a vulnerability that's probably known and the company just hasn't patched it.
Cracking Down on Attackers
Once you've elevated privileges, it's impossible to see bad stuff is happening, Gilliland says of visibility. You can't tell someone has the keys to the kingdom and is running amok.
There are two types of attackers, he explains. Some spread mass phishing attacks to see what level of access they get, then figure out if there's anything of value. Others use more targeted attacks attempting to gain access to specific information — for example, healthcare data.
If you've been breached in any way, most breach response companies will lock down and assess Active Directory because, as Gilliland puts it, the attacker has almost always done something in AD. The next step is to turn off attackers' access, but finding them is tough, especially if your business has a big AD deployment.
Sometimes the only way to handle an Active Directory breach is to rebuild AD from scratch. If you have evidence that outside attackers have found their way in and created 10,000 accounts in a 50,000-person company, it will be almost impossible to get rid of them without starting over.
The marketplace makes it very difficult to know who's attacking you until after they've stolen something and after the damage is done, he says. It doesn't help that adversaries are becoming smarter and using more-sophisticated tools than they were five years ago. Attackers are a profit center; IT departments have a strict budget that limits their actions.
The Vulnerability of Passwords
The Active Directory password is probably the most valuable one, says Amit Rahav, VP of marketing and business development at Secret Double Octopus. We've been told to create long and complicated passwords, we've been told to change them frequently, and we end up using more and more passwords to get our jobs done.
Passwords are the most common authentication factor but also the most frequently abused, and they're a prime target for attackers seeking Active Directory access. With so much sensitive data in one place, AD authentication is a single point of failure. The most common way for attackers to obtain passwords is through social engineering or phishing attacks.
But sometimes those aren't even necessary. Rahav points out that some passwords are encrypted, but often they're weak; for example, a birth date or dog's name. Open source tools are available to break those types of passwords, he explains. Sometimes employees store passwords in iPhone notes, Android notes, or Google+ pages, where they're easily found.
Rahav emphasizes the need for stronger protection. It's time to move into stronger and user-friendly authentication factors … move from passwords into phones, biometrics, and things of that nature. Microsoft offers Windows Hello, which authenticates using facial recognition but requires new hardware.
Rahav anticipates biometrics will continue to grow for Active Directory authentication and within the enterprise, especially as more people use it for personal devices. A few years ago, nobody knew what biometrics was; now before breakfast we use it two or three times.
How to Be Proactive about AD Security
Once malicious actors are inside, it's hard to detect them, whether they're external attackers or rogue employees. Often Active Directory is threatened by internal users who have been granted privileges they shouldn't have. You need to know who has access and how to restrict it.
A straightforward step for businesses to take is securing the access workstation, says Gilliland. The first thing you should do is make sure you can only access Active Directory from a system that's specifically designed to administer Active Directory and nothing else, he says. That will eliminate a lot of pain.
From there, you should monitor the actual domain controllers. It's complicated, says Gilliland, but provides visibility into what's happening and helps avoid malicious activity. Businesses should also modernize the way that they delegate access to who has permission to change rules.
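The visibility gap described above (how many accounts can administer AD, and which admin accounts double as service accounts) can be measured directly. The following PowerShell inventory is an added example, not code from the article or from the vendors quoted; it assumes the RSAT ActiveDirectory module is installed and the caller has read access to the domain.

```powershell
# Added example (not from the article): inventory who holds AD admin rights.
# Assumes the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

# Built-in groups whose members effectively control the directory.
$privilegedGroups = @(
    'Domain Admins', 'Enterprise Admins', 'Schema Admins',
    'Administrators', 'Account Operators', 'Backup Operators'
)

$report = foreach ($groupName in $privilegedGroups) {
    $group = Get-ADGroup -Filter "Name -eq '$groupName'" -ErrorAction SilentlyContinue
    if (-not $group) { continue }   # group absent in this domain (e.g. a child domain)

    # -Recursive expands nested groups, which is where unnoticed admins usually sit.
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object objectClass -eq 'user' |
        ForEach-Object {
            $u = Get-ADUser -Identity $_.distinguishedName `
                 -Properties Enabled, LastLogonDate, PasswordLastSet, PasswordNeverExpires, ServicePrincipalName
            [pscustomobject]@{
                Group                = $groupName
                SamAccountName       = $u.SamAccountName
                Enabled              = $u.Enabled
                LastLogonDate        = $u.LastLogonDate
                PasswordLastSet      = $u.PasswordLastSet
                PasswordNeverExpires = $u.PasswordNeverExpires
                # An SPN on an admin account means a service runs with the admin credential:
                # the "same account for AD and other services" pattern the article describes.
                HasSPN               = ($u.ServicePrincipalName).Count -gt 0
            }
        }
}

# Headline number: how many distinct accounts hold admin rights at all.
$distinct = $report | Select-Object -ExpandProperty SamAccountName -Unique
"{0} distinct privileged accounts across {1} groups" -f $distinct.Count, $privilegedGroups.Count

# Rows worth reviewing first: stale admins, non-expiring passwords, service credentials on admin accounts.
$report | Where-Object {
    $_.PasswordNeverExpires -or $_.HasSPN -or
    ($_.LastLogonDate -and $_.LastLogonDate -lt (Get-Date).AddDays(-90))
} | Sort-Object Group, SamAccountName | Format-Table -AutoSize
```

Run it from the dedicated administrative workstation the text recommends, and re-run it on a schedule so that growth in the distinct-account count is noticed rather than discovered after a breach.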