Alongside our international partners, we have released new guidance on Detecting and Mitigating Active Directory compromises. This guidance provides strategies to help organisations mitigate the 17 most prevalent techniques used by malicious cyber actors to target Active Directory and gain access to their networks.
Detecting and mitigating Active Directory compromises builds on recent updates to the Information Security Manual (ISM) and includes a checklist with Active Directory security controls for organisations.
Microsoft’s Active Directory is the most widely used authentication and authorisation solution in enterprise information technology (IT) networks globally. This makes it a valuable target for malicious cyber actors and it is routinely targeted as part of attacks on enterprise IT networks.
Gaining control over Active Directory gives malicious cyber actors privileged access to all systems and users that Active Directory manages. With this privileged access, they can bypass other controls and access systems at will, including email and file servers, critical business applications, and extended cloud-based systems and services.
They may persist for months or even years inside Active Directory. Evicting them can require drastic action, ranging from resetting all users’ passwords to rebuilding Active Directory itself. Responding to and recovering from a compromise is often time consuming, costly, and disruptive.
Defending against malicious cyber actors requires a combination of prevention and detection mitigation strategies. Organisations need to prevent as many Active Directory attacks as possible, while at the same time detecting them when those attacks occur.
To learn more and minimise the risk to your organisation, read the full advisory.