Semperis Research Team

As cyberattacks targeting Active Directory continue to rise, AD security, identity, and IT teams face mounting pressure to monitor the evolving AD-focused threat landscape. To assist IT professionals in understanding and preventing attacks that involve AD, the Semperis Research Team publishes a monthly roundup of recent cyberattacks and provides additional resources for guarding against identity-related attacks. In this month’s roundup, the AT&T data breach, an attack on a California court system, and other attacks highlight the need for comprehensive identity security before, during, and after an attack.

CrowdStrike outage points to the need for tested disaster recovery plans

The global outage caused by a faulty software update released by CrowdStrike prompted industry experts to call for improved disaster recovery practices, including testing the identity system recovery process and evaluating remediation time to roll back and repair flawed updates.

Take action to test your identity recovery system: Check out To Hell and Back: Recovering AD During an Attack for tips on developing and testing a solid AD recovery plan.

California courts shut down by cyberattacks

A ransomware attack targeted the Los Angeles County Courts, taking phone systems offline and delaying court procedures for more than a day. Semperis Principal Technologist Sean Deuby noted in a SecurityWeek article that all organizations should evaluate their systems for single points of failure to prevent cyber-related outages.

Take action to evaluate security vulnerabilities: The identity system is a top target for cyberattacks. For tips on monitoring your Active Directory and Entra ID for malicious changes, check out AD Monitoring.

AT&T data breach highlights lax credential protection

An AT&T data breach caused by exploitation of Snowflake credentials underscored the need for stronger enforcement of multi-factor authentication to prevent threat actors from extracting data. Sean Deuby, Semperis Principal Technologist, said in a Fierce Network article that “poor password policy enforcement – no MFA enforced password change on leaked credentials notice – on Snowflake’s part makes the threat actor’s work that much easier.”

Take action to prevent stolen credentials: Read How to Defend Against MFA Fatigue Attacks for tips on enforcing strong multi-factor authentication policies.

More resources