Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD to introduce or propagate malware.
This month, the Semperis Research Team highlights identity-related cyberattacks including an attack on U.S. broadcast company Sinclair, Microsoft’s warnings about delegating privileges to service providers, and more.
Sinclair TV station attack exploited Active Directory
A ransomware attack that hit Sinclair Broadcast Group, which owns or operates 186 U.S. TV stations, targeted the company’s corporate Active Directory domain.
Microsoft highlights danger of risky access privileges for service providers
Microsoft warned organizations to guard against attacks—like SolarWinds—that exploit risky access permissions for service providers. Among other guidance, the company urged a review of authentications associated with Azure AD configuration changes.
Law enforcement efforts dampen REvil activities
International government entities, including U.S. law enforcement agencies, have taken down sites and web infrastructure of REvil, a ransomware group whose tactics include exploiting administrative privileges.
BlackMatter attacks Olympus again
Weeks after reporting a ransomware attack on its EMEA network, global manufacturer Olympus reported a second incident that took out systems in the U.S., Canada, and Latin America. The attacks are attributed to BlackMatter, a group that uses tactics including deploying ransomware through a scheduled task with a PowerShell script on a domain controller.
Researchers uncover Microsoft Exchange vulnerability in Autodiscover feature
Guardicore researchers discovered that faulty implementation of the Autodiscover feature in Microsoft Exchange caused a leak of at least 100,000 login names and passwords of Windows domains. Attackers could exploit this flaw by setting up top-level Autodiscover authentication domains to collect user credentials.
More Resources
Want to strengthen defenses of your Active Directory against cyberattacks? Check out our latest resources.