Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD to introduce or propagate malware.
This month, the Semperis Research Team highlights a CISA warning about May Windows updates, Conti cyberattacks on the Costa Rican government, and a credential stuffing attack that compromised GM car owners’ data.
CISA warns against installing May Windows updates on domain controllers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) advised agencies not to install the patches for two elevation-of-privilege vulnerabilities in Kerberos and Active Directory Domain Services, because the patches cause authentication problems when deployed on Windows Server domain controllers.
Costa Rican president declares national emergency following Conti cyberattacks
The newly elected Costa Rican President Rodrigo Chaves declared a national emergency following cyberattacks executed by the Conti ransomware group that targeted multiple government entities. Conti’s tactics include compromising Active Directory domain credentials.
Verizon DBIR reveals that stolen credentials led to nearly 50% of attacks
The Verizon 2022 Data Breach Investigations Report (DBIR) found that nearly 50% of cyberattacks last year were caused by malicious actors using stolen credentials, which can then be leveraged to achieve domain dominance.
Threat actors compromise GM car owners’ data in credential stuffing attack
U.S. auto manufacturer General Motors (GM) reported that threat actors launched a credential stuffing attack that compromised GM car owners’ data by targeting GM’s online bill management and rewards platform.